Security Basics mailing list archives
RE: IPSec vs. IPSec/L2TP
From: Mark Lewis <mark () mjlnet com>
Date: Tue, 12 Apr 2005 10:21:29 +0100
From: "Ghaith Nasrawi" <libero () aucegypt edu>
To: "security-basics" <security-basics () securityfocus com>
Subject: RE: IPSec vs. IPSec/L2TP
Date: Mon, 11 Apr 2005 01:07:03 +0000

The reason people use L2TP is due to the need to provide a login mechanism to users. IPSec by itself is meant to be a tunneling protocol in a gateway-to-gateway scenario (there are still two modes, tunnel mode & transport mode).

Noooooooo....L2TP is not required to provide a login mechanism.

Although standard IKE phase 1 provides device authentication (via pre-shared keys/certificates/encrypted nonces), mechanisms such as Extended Authentication (XAuth, see http://www.watersprings.org/pub/id/draft-beaulieu-ike-xauth-02.txt) can be used to provide user authentication via a login. XAuth can take place between IKE phases 1 and 2.

Also, L2TP itself does not provide any user login authentication at all - L2TP only allows optional authentication for tunnel endpoints (the LAC and LNS). Any user authentication is provided by PPP which runs over L2TP.

Hope that helps,

Mark

CCIE#6280 / CCSI#21051 / JNCIS#121 / etc.
Author: http://www.amazon.com/exec/obidos/ASIN/1587051044/