
Re: Windows 2000 and Cisco router interoperability



Glenn Zorn wrote:

> > L2TP over IPSEC also provides this functionality. I personally consider
> > L2TP+PPP overkill just to pass down an IP address to a remote client
> > so I have favored IPSEC with Mode Config instead of L2TP/PPP over IPSEC.
> 
> L2TP does far more than 'just pass down an IP address to a remote client'.

I agree. It provides many capabilities between a LAC and LNS that are
well suited to "compulsory tunneling". However, I think placing a LAC on
every remote access client's laptop just to provide a tunneling protocol over
IPSEC is overkill. Hence _my_ preference for remote access solely via IPSEC.

> 
> > Mode Config is dead in the IETF but many vendors, including your
> > former employer, 
> 
> Dan's former employer is my current employer.  

OK.

> 
> > are shipping Mode Config 
> 
> I consider Mode Config to be rather misbegotten.

Why?

> 
> > to provide remote access
> > over IPSEC without the overhead of L2TP. 
> 
> What overhead are you talking about?  Network overhead or processing?

Code size, complexity, and network overhead. Again, my opinion is that
L2TP is fine to aggregate multiple tunnels between LAC and LNS over a
variety of media including frame, ATM, and IP. I just think it is a
heavy-weight solution to tunnel between a single remote station and a server
when IPSEC already provides a much simpler tunneling solution (albeit
with the omission of a basic configuration management protocol).

BTW, our product supports both IPSEC with Mode Config _and_ L2TP because
both are required by different sets of customers.

-Ben McCann

-- 
Ben McCann                              Indus River Networks
                                        31 Nagog Park
                                        Acton, MA, 01720
email: bmccann@indusriver.com           web: www.indusriver.com 
phone: (978) 266-8140                   fax: (978) 266-8111

