It is possible to make the user appear to be on a subnet assigned by the corporate server with the addition of some client functionality beyond the core IPSec specification. My company's IPSec client allows the user to configure one or more virtual adapters with IP addresses and then bind these virtual adapters to physical or dial-up adapters. The net effect of this is that it is possible to support tunnel mode IPSec in which the inner IP address looks to the corporate gateway like an IP address within the corporate subnet. This allows easy routing of return packets as well as potentially access to resources on the corporate network that restrict access to IP addresses outside the subnet.
This of course does not solve the problem of how you get the IP address across - a topic that is currently being discussed in the IPSRA working group.
Jeff Kleiman
----
Trilogy, Inc. [http://www.tril-inc.com]
Provider of core IPSec technology
and consulting services
-----Original Message-----
From: HyungTech H [mailto:hhkte@yahoo.com]
Sent: 15 March 2000 00:52
To: ipsec@lists.tislabs.com
Subject: Do we need L2TP additionally in following IPSec-ed case?Hello,
I wonder whether IPsec combined with L2TP has more
advantage over IPSec alone:
Dial-up User <===(1)======>RAS based on Radius(provided by ISP)
Dial-up User <====(2)=====>IPSec GateWay to companyA's Premise(1): Dial-up User establishes InternetConnection using ISP
(2): Using IPSec remote Client(on Windows), the user exhanges data(TCP/IP, NetBios) with some host within companyA's Premise protected by IPSec GateWay.
In above case, do we need to use L2TP additionally for intensifying security?
If so , can you tell me details?
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.