l2tp overview

1

L2TP OVERVIEW

18-May-05

2

Agenda VPN Tunneling PPTP L2F LT2P

3

VPN Virtual Private Network is a private

network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated connection such as leased line, a VPN uses “virtual” connections routed though the internet.

4

Tunneling Tunneling is the transmission of

data intended for use only within a private, usually corporate network through a public network in such a way that the routing nodes in the public network are unaware that the transmission is part of a private network.

5

Tunneling illustrated

Router A

Workstation X

Router BWorkstation

Y

Original IPpacket dest Y

Step 1.Original, unroutable

IP Packet sent to router

Step 2Original IP

packetencapsulatedin another IP

packetOriginal IP

packetNew IPPacket

Tunnel

Step 3Original packetextracted, sentto destination

Original IPpacket dest Y

Tunnel

6

Types of Tunneling Two basic types of tunnels

Voluntary tunnels Tunneling initiated by the end-user

(Requires client software on remote computer) Compulsory tunnels

Tunnel is created by NAS or router(Tunneling support required on NAS or Router)

7

Voluntary Tunnels

Dial IP Access

PPP access protocol

Dial Access Provider VPN Service

Dial AccessServer

PPTP AccessServerClient Host Serial Interface

PPTP Virtual Interface

8

Voluntary Tunnels (Cont.) Will work with any network device

Tunneling transparent to leaf and intermediate devices

But user must have a tunneling client compatible with tunnel server

PPTP, L2TP, L2F, IPSEC, IP-IP, etc. Simultaneous access to Intranet (via tunnel)

and Internet possible Employees can use personal accounts for corporate

access Remote office applications

Dial-up VPN’s for low traffic volumes

9

Compulsory Tunnels

L2TPV.x modem protocol

PPP access protocol

Dial Access Provider Internet or VPN Service

Non-routedforwarding path

Dial AccessServer

L2TP AccessServerClient Host

10

Compulsory Tunnels (Cont.) Will work with any client But NAS must support same tunnel method

But… Tunneling transparent to intermediate routers Network access controlled by tunnel server

User traffic can only travel through tunnel Internet access possible

Must be by pre-defined facilities Greater control Can be monitored

11

Compulsory Tunnels (Cont.) Static Tunnels

All calls from a given NAS/Router tunneled to a given server

Realm-based tunnels Each tunnel based on information in NAI

(I.e. user@realm) User-based tunnels

Calls tunneled based on userID data stored in authentication system

12

PPTP Point-to-point tunneling protocol

13

PPTP (Cont.)

PPP access by remote computers to a private network through the Internet

1. Remote user dials in to the local ISP network access server using PPP.

14

PPTP (Cont.)

2. The PAC establishes a control channel (TCP) across the PPP connection and through the internet to the PNS attached to the home network.

15

PPTP (Cont.)

3. Parameters for the PPTP channel are negotiated over the control channel, and the PPTP tunnel is established.

16

PPTP (Cont.)

4. A second PPP connection is made from the remote user, through the PPTP tunnel between the PAC and the PNS, and into the private networks NAS.

17

PPTP (Cont.)

5. IP datagrams or any other protocol’s datagrams are sent inside the PPP frames

18

L2F Layer 2 Forwarding

19

L2F

Tunnel is constructed from the service provider.1. Remote user dials in to the local ISP network

access server using PPP/SLIP.

20

L2F (Cont.)

2. L2F builds a tunnel from the NAS to the private network.

Uses packet-oriented protocol that provides end-to-end connectivity, such as UDP, frame relay, etc. as the encapsulating protocol.

21

L2F (Cont.)

3. L2F establishes PPP connection between NAS and home gateway.

22

L2F (Cont.)

4. IP packets are sent over the PPP.

23

L2TP Layer 2 Tunneling protocol

24

L2TP