Re: PPP over IPSec (without L2TP)?
At 07:07 PM 10/19/99 +0300, you wrote:
David Chen wrote:
> At 12:02 PM 10/14/99 +0300, you wrote:
> >Microsoft's position regarding L2TP is according to
> >http://www.microsoft.com/windows/server/Technical/networking/NWPriv.asp
> >(partly) the following:
> >
> >L2TP is a well-defined, interoperable protocol that addresses the current
> >shortcomings of IPSec-only client-to-gateway and gateway-to-gateway
> >scenarios (user authentication, tunnel IP address assignment, and
> >multiprotocol support). L2TP has broad vendor support, particularly among
> >the largest network access equipment providers, and has verified
> >interoperability. By placing L2TP as payload within an IPSec packet,
> >communications benefit from the standards-based encryption and authenticity of
> >IPSec, while also receiving a highly interoperable way to accomplish user
> >authentication, tunnel address assignment, multiprotocol support, and
> >multicast support using PPP. This combination is commonly referred to as
> >L2TP/IPSec. Lacking a better pure IPSec standards solution, Microsoft
> >believes that L2TP/IPSec provides the best standards based solution for
> >multi-vendor, interoperable client-to-gateway VPN scenarios. Microsoft is
> >working closely with key networking vendors including Cisco, 3Com,
> >Lucent and IBM, to support this important combination.
> >
> >I agree that having PPP gives us the stated benefits (and more?). However,
> >I fail to see why there is a need to have an L2TP (and UDP) layer(s)
> >between PPP and IPSec. As I understand L2TP, it would give us two
> >benefits a) being able to tunnel PPP over several links, which IPSec
> >already gives us, and b) being able to specify telephone world things
> >like calling / called numbers and call failures due to a busy tone,
> >which in a general IP world are non-relevant.
> >
> >I agree that a lot of Internet connectivity is through a telephone
> >network, but the calling numbers should not be relied on for any sort
> >of identification, despite what the telephone world people would like
> >to convince people to believe. The only valid usage for telephone
> >numbers that I see is call charging, but the ISPs are free to use L2TP
> >for that purpose without there being any need for IPSec security
> >gateways or IPSec hosts knowing or even caring about it.
> >
> >So, please show me what benefits PPP over L2TP over IPSec provides when
> >compared to just running PPP over IPSec? If there are some, which is
> >possible, wouldn't it be better to enhance IPSec protocol(s) to enable
> >the same, instead of having L2TP?
It is better, if IPSec has all PPP features.
Why bother with L2TP? If you like to "enhance IPSec protocol(s)"
--- David
> The last sentence is ????
> If you like to improve IPSec, why bother L2TP?
> Just put all PPP features into IPSec. :-)
> This is not a good logic.
> --- David
Pardon? I fail to parse that.. What do you mean?
Ari
>
>
> >--
> >Ari Huttunen                   phone: +358 9 859 900
> >Senior Software Engineer       fax  : +358 9 8599 0452
> >
> >Data Fellows Corporation       http://www.DataFellows.com
> >
> >F-Secure products: Integrated Solutions for Enterprise Security
--
Ari Huttunen                   phone: +358 9 859 900
Senior Software Engineer       fax  : +358 9 8599 0452

Data Fellows Corporation       http://www.DataFellows.com

F-Secure products: Integrated Solutions for Enterprise Security