L2TP OVERVIEW 18-May-05
Agenda
• VPN
• Tunneling
• PPTP
• L2F
• L2TP
VPN
• A Virtual Private Network is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated connection such as a leased line, a VPN uses “virtual” connections routed through the Internet.
Tunneling
• Tunneling is the transmission of data intended for use only within a private, usually corporate, network through a public network in such a way that the routing nodes in the public network are unaware that the transmission is part of a private network.
Tunneling illustrated
[Figure: Workstation X, Router A, tunnel across the public network, Router B, Workstation Y]
• Step 1: Workstation X sends the original IP packet (destination Y, unroutable on the public network) to Router A.
• Step 2: Router A encapsulates the original IP packet in a new IP packet and sends it through the tunnel to Router B.
• Step 3: Router B extracts the original packet and sends it to destination Y.
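As an added illustration of the three steps above (example code written for this page, not taken from the slides): a minimal IP-in-IP encapsulation in Python. The addresses, the choice of IP-in-IP (protocol number 4) as the outer encapsulation, and the short UDP payload are constructed assumptions.

```python
import socket
import struct
# Constructed addresses: X and Y are private (unroutable on the Internet);
# the routers are the public tunnel endpoints (RFC 5737 documentation ranges).
WORKSTATION_X = "10.0.1.5"
DEST_Y = "10.0.2.7"
ROUTER_A = "198.51.100.1"
ROUTER_B = "203.0.113.9"
IPPROTO_IPIP = 4  # IANA protocol number for "IP in IP" encapsulation

def checksum(data: bytes) -> int:
    """Internet (one's complement) checksum; evaluates to 0 over a valid header."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def parse_ipv4(pkt: bytes) -> dict:
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "payload": pkt[ihl:total]}

def encapsulate(inner: bytes, outer_src: str, outer_dst: str) -> bytes:
    # Step 2: Router A wraps the whole original packet in a new, public IP header
    return ipv4_header(outer_src, outer_dst, IPPROTO_IPIP, len(inner)) + inner

def decapsulate(outer: bytes) -> bytes:
    # Step 3: Router B verifies and strips the outer header, leaving the original packet
    if checksum(outer[:20]) != 0:
        raise ValueError("bad outer header checksum")
    hdr = parse_ipv4(outer)
    if hdr["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    return hdr["payload"]

def demo() -> dict:
    # Step 1: X builds a packet for Y (UDP, proto 17); its destination is unroutable publicly
    original = ipv4_header(WORKSTATION_X, DEST_Y, 17, 4) + b"data"
    tunneled = encapsulate(original, ROUTER_A, ROUTER_B)
    return {"outer": parse_ipv4(tunneled), "inner": parse_ipv4(decapsulate(tunneled))}
```

Only the outer header is visible to routers between A and B, which is why the public network stays unaware of the private addresses inside.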
Types of Tunneling
• Two basic types of tunnels
• Voluntary tunnels
  • Tunneling initiated by the end-user (requires client software on the remote computer)
• Compulsory tunnels
  • Tunnel is created by the NAS or router (tunneling support required on the NAS or router)
Voluntary Tunnels (Cont.)
• Will work with any network device
  • Tunneling transparent to leaf and intermediate devices
  • But user must have a tunneling client compatible with the tunnel server
  • PPTP, L2TP, L2F, IPsec, IP-IP, etc.
• Simultaneous access to Intranet (via tunnel) and Internet possible
• Employees can use personal accounts for corporate access
• Remote office applications
• Dial-up VPNs for low traffic volumes
Compulsory Tunnels (Cont.)
• Will work with any client
  • But NAS must support the same tunnel method
  • Tunneling transparent to intermediate routers
• Network access controlled by tunnel server
  • User traffic can only travel through the tunnel
  • Internet access possible, but only via pre-defined facilities
• Greater control
  • Can be monitored
Compulsory Tunnels (Cont.)
• Static tunnels
  • All calls from a given NAS/router tunneled to a given server
• Realm-based tunnels
  • Each tunnel based on information in the NAI (i.e. user@realm)
• User-based tunnels
  • Calls tunneled based on user ID data stored in the authentication system
PPTP
• Point-to-Point Tunneling Protocol
PPTP (Cont.)
• PPP access by remote computers to a private network through the Internet
1. Remote user dials in to the local ISP network access server using PPP.
PPTP (Cont.)
2. The PAC (PPTP Access Concentrator) establishes a control channel (TCP) across the PPP connection and through the Internet to the PNS (PPTP Network Server) attached to the home network.
PPTP (Cont.)
3. Parameters for the PPTP channel are negotiated over the control channel, and the PPTP tunnel is established.
PPTP (Cont.)
4. A second PPP connection is made from the remote user, through the PPTP tunnel between the PAC and the PNS, and into the private network's NAS.
PPTP (Cont.)
5. IP datagrams, or any other protocol's datagrams, are sent inside the PPP frames.
L2F
• Layer 2 Forwarding
L2F (Cont.)
• The tunnel is constructed by the service provider.
1. Remote user dials in to the local ISP network access server using PPP/SLIP.
L2F (Cont.)
2. L2F builds a tunnel from the NAS to the private network, using a packet-oriented protocol that provides end-to-end connectivity (such as UDP, frame relay, etc.) as the encapsulating protocol.
L2F (Cont.)
3. L2F establishes a PPP connection between the NAS and the home gateway.
L2F (Cont.)
4. IP packets are sent over the PPP connection.
L2TP
• Layer 2 Tunneling Protocol