
RE: IPSec over L2TP tunnels for Remote users



Hi Michael,

Microsoft has done quite a bit of interop testing both in house and at
the various bakeoffs.  We try to make sure that our version is
compatible with as many gateways as possible.

The Windows 2000 L2TP implementation requests an IPSEC transport mode
policy only.  It is possible to create a custom IPSEC policy for an L2TP
connection in Windows 2000 that could include IPSEC tunnel mode but that
is not supported by Microsoft.  See
http://support.microsoft.com/support/kb/articles/Q240/2/62.ASP?LN=EN-US&SD=gn&FR=0&qry=prohibitipsec&rnk=1&src=DHCS_MSPSS_gn_SRCH&SPR=WIN2000
for more details.

We use the address that is received in IPCP to create an adapter for
sending and receiving traffic over the tunnel.

Please let me know if you have any other questions.

Thanks!!

-Robt 

-----Original Message-----
From: Michael Choung Shieh [mailto:mshieh@netscreen.com] 
Sent: Wednesday, May 23, 2001 10:31 AM
To: 'jayashreej@future.futsoft.com'; ipsec@lists.tislabs.com
Subject: RE: IPSec over L2TP tunnels for Remote users


I believe many vendors have done interoperability tests with Win2k in the
VPN bakeoff.  We (Netscreen) did.

L2TP over IPsec is to do L2TP over IPsec transport mode.  There is no
need to do IPsec tunnel mode since it will have a duplicated outer IP
address.

Yes, Win2k takes the assigned IP address from PPP.


Michael Shieh

-----Original Message-----
From: Jayashree J [mailto:jayashreej@future.futsoft.com]
Sent: Wednesday, May 23, 2001 6:12 AM
To: ipsec@lists.tislabs.com
Subject: IPSec over L2TP tunnels for Remote users



Hi,

I have some questions in implementing IPSec over L2TP for a security
gateway in case of a Remote User Access.
1) Has anyone done interop with Windows 2000 as a Remote Client?

2) It seems Windows 2000 operates only in transport mode for L2TP with
IPSec (in remote user scenario). Is it necessary to support transport
mode also in a security gateway to interop with Windows server?

3) In the above case how does Windows 2000 handle dynamic address
received from PPP negotiations (is it as per the
draft-ietf-l2tpext-security-02.txt)?

Thanks,
Jayashree