Re: PPP over IPSec (without L2TP)?
Mr. Huttunen,
You wrote with the following header and content (after the "===" mark):
The question I have is in your last sentence.
" If there are some, which is possible, wouldn't it be
better to enhance IPSec protocol(s) to enable the same, instead of having
L2TP?"
Does it sound like you want to "enhance IPSec protocol"?
Regards,
--- David
BTW. I cc to the same cc you did.
===========================================================
Date: Thu, 14 Oct 1999 12:02:37 +0300
From: Ari Huttunen <Ari.Huttunen@DataFellows.com>
Organization: Data Fellows Oyj
To: ietf-ipsra@vpnc.org, ipsec@lists.tislabs.com
Subject: PPP over IPSec (without L2TP)?
At 12:02 PM 10/14/99 +0300, you wrote:
Microsoft's position regarding L2TP is, according to
http://www.microsoft.com/windows/server/Technical/networking/NWPriv.asp,
(partly) the following:
L2TP is a well-defined, interoperable protocol that addresses the current
shortcomings of IPSec-only client-to-gateway and gateway-to-gateway
scenarios (user authentication, tunnel IP address assignment, and
multiprotocol support). L2TP has broad vendor support, particularly among
the largest network access equipment providers, and has verified
interoperability. By placing L2TP as payload within an IPSec packet,
communications benefit from the standards-based encryption and
authenticity of IPSec, while also receiving a highly interoperable way to
accomplish user authentication, tunnel address assignment, multiprotocol
support, and multicast support using PPP. This combination is commonly
referred to as L2TP/IPSec. Lacking a better pure IPSec standards solution,
Microsoft believes that L2TP/IPSec provides the best standards based
solution for multi-vendor, interoperable client-to-gateway VPN scenarios.
Microsoft is working closely with key networking vendors including Cisco,
3Com, Lucent and IBM, to support this important combination.
I agree that having PPP gives us the stated benefits (and more?).
However, I fail to see why there is a need to have an L2TP (and UDP)
layer(s) between PPP and IPSec. As I understand L2TP, it would give us
two benefits: a) being able to tunnel PPP over several links, which IPSec
already gives us, and b) being able to specify telephone world things
like calling / called numbers and call failures due to a busy tone, which
in a general IP world are non-relevant.
I agree that a lot of Internet connectivity is through a telephone
network, but the calling numbers should not be relied on for any sort of
identification, despite what the telephone world people would like to
convince people to believe. The only valid usage for telephone numbers
that I see is call charging, but the ISPs are free to use L2TP for that
purpose without there being any need for IPSec security gateways or IPSec
hosts knowing or even caring about it.
So, please show me what benefits PPP over L2TP over IPSec provides when
compared to just running PPP over IPSec? If there are some, which is
possible, wouldn't it be better to enhance IPSec protocol(s) to enable
the same, instead of having L2TP?
--
Ari Huttunen                   phone: +358 9 859 900
Senior Software Engineer       fax  : +358 9 8599 0452
Data Fellows Corporation       http://www.DataFellows.com
F-Secure products: Integrated Solutions for Enterprise Security