l2tp overview
L2TP OVERVIEW
18-May-05
1
Agenda
VPN
Tunneling
PPTP
L2F
L2TP
2
VPN
Virtual Private Network is a private
network that uses a public network
(usually the Internet) to connect remote
sites or users together. Instead of using
a dedicated connection such as leased
line, a VPN uses “virtual” connections
routed through the Internet.
3
Tunneling
Tunneling is the transmission of data
intended for use only within a private,
usually corporate network through a
public network in such a way that the
routing nodes in the public network are
unaware that the transmission is part of
a private network.
4
Tunneling illustrated
[Diagram: Workstation X -> Router A -> tunnel -> Router B -> Workstation Y]
Step 1. Original, unroutable IP packet (destination Y) is sent from Workstation X to Router A.
Step 2. Router A encapsulates the original IP packet in another (new) IP packet and sends it through the tunnel to Router B.
Step 3. Router B extracts the original packet and sends it on to its destination, Workstation Y.
5
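The three steps above, worked through in code. This is an added illustration, not material from the original slides: it builds the original (inner) IPv4 packet, wraps it in a new outer IPv4 header with protocol number 4 (IP-in-IP) as Router A would, and strips and verifies that header as Router B would. The addresses and payload are constructed sample values; the inner addresses are from private (RFC 1918) space, so they are not routable across the public network, and the outer addresses come from documentation ranges.

```python
"""IP-in-IP tunnel encapsulation and decapsulation (added example, not from the slides)."""
import ipaddress
import struct

IPPROTO_IPIP = 4   # protocol number for "IP in IP" encapsulation
IPPROTO_UDP = 17


def checksum(data: bytes) -> int:
    """Standard one's-complement Internet checksum over a header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal 20-byte IPv4 header (no options) in front of payload."""
    total_len = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len,   # version/IHL, DSCP/ECN, total length
                         0, 0x4000,            # identification, flags (DF) + fragment offset
                         ttl, proto, 0,        # TTL, protocol, checksum placeholder
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(packet: bytes) -> dict:
    """Parse an IPv4 header, verifying its checksum; return fields and payload."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:   # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    _, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "ttl": ttl, "payload": packet[ihl:total_len]}


def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Step 2 at Router A: wrap the original packet in a new outer IP header."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)


def decapsulate(outer: bytes) -> bytes:
    """Step 3 at Router B: strip the outer header and return the original packet."""
    fields = parse_ipv4(outer)
    if fields["proto"] != IPPROTO_IPIP:
        raise ValueError("outer packet is not IP-in-IP")
    inner = fields["payload"]
    parse_ipv4(inner)   # validate the inner header too before forwarding it
    return inner


def tunnel_roundtrip():
    """Constructed sample: X (10.1.1.5) sends to Y (10.2.2.7) through the A->B tunnel."""
    inner = build_ipv4("10.1.1.5", "10.2.2.7", IPPROTO_UDP, b"hello Y")      # private, unroutable addresses
    outer = encapsulate(inner, "203.0.113.1", "198.51.100.1")                 # routers' public addresses (documentation ranges)
    # the public network only ever sees the outer header
    delivered = decapsulate(outer)
    return delivered == inner, parse_ipv4(outer), parse_ipv4(delivered)


def tampered_is_rejected() -> bool:
    """A corrupted outer header must fail the checksum check at Router B."""
    inner = build_ipv4("10.1.1.5", "10.2.2.7", IPPROTO_UDP, b"x")
    outer = bytearray(encapsulate(inner, "203.0.113.1", "198.51.100.1"))
    outer[8] ^= 0x01   # flip a TTL bit without recomputing the checksum
    try:
        decapsulate(bytes(outer))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    ok, outer_fields, inner_fields = tunnel_roundtrip()
    print("delivered intact:", ok)
    print("outer header:", outer_fields["src"], "->", outer_fields["dst"], "proto", outer_fields["proto"])
    print("inner header:", inner_fields["src"], "->", inner_fields["dst"], "payload", inner_fields["payload"])
```

Note that the routing nodes between A and B forward on the outer header alone; the private inner addresses and the original payload are carried as opaque data. Encapsulation by itself provides no confidentiality, which is why production tunnels pair it with IPsec or another encrypting layer.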
Types of Tunneling
Two basic types of tunnels
Voluntary tunnels
Tunneling initiated by the end-user
(Requires client software on remote computer)
Compulsory tunnels
Tunnel is created by NAS or router
(Tunneling support required on NAS or Router)
6
Voluntary Tunnels
[Diagram: Client Host (PPTP virtual interface over the PPP access protocol, serial interface) dials into the Dial Access Server at the Dial Access Provider (dial IP access); the PPTP tunnel runs from the client across the provider to the PPTP Access Server at the VPN Service]
7
Voluntary Tunnels (Cont.)
Will work with any network device
But user must have a tunneling client compatible with
tunnel server
Tunneling transparent to leaf and intermediate devices
PPTP, L2TP, L2F, IPSEC, IP-IP, etc.
Simultaneous access to Intranet (via tunnel) and
Internet possible
Employees can use personal accounts for corporate access
Remote office applications
Dial-up VPNs for low traffic volumes
8
Compulsory Tunnels
[Diagram: Client Host (PPP access protocol, V.x modem protocol) dials into the Dial Access Server at the Dial Access Provider; the Dial Access Server opens an L2TP tunnel over a non-routed forwarding path to the L2TP Access Server at the Internet or VPN Service]
9
Compulsory Tunnels (Cont.)
Will work with any client
But NAS must support same tunnel method
But… Tunneling transparent to intermediate routers
Network access controlled by tunnel server
User traffic can only travel through tunnel
Internet access possible
Must be by pre-defined facilities
Greater control
Can be monitored
10
Compulsory Tunnels (Cont.)
Static Tunnels
Realm-based tunnels
All calls from a given NAS/Router tunneled to a
given server
Each tunnel based on information in NAI
(i.e., user@realm)
User-based tunnels
Calls tunneled based on userID data stored in
authentication system
11
PPTP
Point-to-point tunneling protocol
12
PPTP (Cont.)
PPP access by remote computers to a private
network through the Internet
1.
Remote user dials in to the local ISP network
access server using PPP.
13
PPTP (Cont.)
2.
The PAC establishes a control channel (TCP)
across the PPP connection and through the internet
to the PNS attached to the home network.
14
PPTP (Cont.)
3.
Parameters for the PPTP channel are negotiated
over the control channel, and the PPTP tunnel is
established.
15
PPTP (Cont.)
4.
A second PPP connection is made from the
remote user, through the PPTP tunnel between the
PAC and the PNS, and into the private network's NAS.
16
PPTP (Cont.)
5.
IP datagrams or any other protocol's datagrams
are sent inside the PPP frames.
17
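Step 2 above has the PAC open a TCP control channel to the PNS. The code below, an added example that is not part of the original slides, builds and parses the first message sent on that channel, the Start-Control-Connection-Request (SCCRQ), with the field layout taken from RFC 2637 (12-byte common header with the magic cookie 0x1A2B3C4D, followed by the 144-byte SCCRQ body). The host name and vendor string are constructed sample values. A monitor that reassembles the TCP 1723 stream can use parse_control_header to recognise PPTP control-channel setup and reject malformed messages before a tunnel is negotiated.

```python
"""Build and parse a PPTP Start-Control-Connection-Request (added example, not from the slides)."""
import struct

PPTP_MAGIC_COOKIE = 0x1A2B3C4D
PPTP_CTRL_MESSAGE = 1      # PPTP Message Type value for a control message
SCCRQ = 1                  # Control Message Type: Start-Control-Connection-Request
SCCRQ_LEN = 156            # 12-byte common header + 144-byte SCCRQ body

CONTROL_MESSAGE_NAMES = {
    1: "Start-Control-Connection-Request", 2: "Start-Control-Connection-Reply",
    3: "Stop-Control-Connection-Request", 4: "Stop-Control-Connection-Reply",
    5: "Echo-Request", 6: "Echo-Reply",
    7: "Outgoing-Call-Request", 8: "Outgoing-Call-Reply",
    9: "Incoming-Call-Request", 10: "Incoming-Call-Reply", 11: "Incoming-Call-Connected",
    12: "Call-Clear-Request", 13: "Call-Disconnect-Notify",
    14: "WAN-Error-Notify", 15: "Set-Link-Info",
}


def build_sccrq(host_name: str, vendor: str, max_channels: int = 16) -> bytes:
    """What a PAC sends first on the TCP control channel (sample values are constructed)."""
    header = struct.pack("!HHIHH", SCCRQ_LEN, PPTP_CTRL_MESSAGE, PPTP_MAGIC_COOKIE, SCCRQ, 0)
    body = struct.pack("!HHIIHH64s64s",
                       0x0100,              # protocol version 1.0
                       0,                   # reserved1
                       0x3,                 # framing capabilities: async (1) | sync (2)
                       0x3,                 # bearer capabilities: analog (1) | digital (2)
                       max_channels, 1,     # maximum channels, firmware revision
                       host_name.encode("ascii"), vendor.encode("ascii"))  # NUL-padded to 64 bytes
    return header + body


def parse_control_header(data: bytes) -> dict:
    """Validate the 12-byte common header of one control message and name its type."""
    if len(data) < 12:
        raise ValueError("short PPTP control message")
    length, msg_type, cookie, ctrl_type, _reserved = struct.unpack("!HHIHH", data[:12])
    if cookie != PPTP_MAGIC_COOKIE:
        raise ValueError("bad magic cookie: 0x%08X" % cookie)
    if msg_type != PPTP_CTRL_MESSAGE:
        raise ValueError("PPTP message type %d is not a control message" % msg_type)
    if length != len(data):   # one complete message as delivered by the stream reassembler
        raise ValueError("length field %d does not match %d bytes received" % (length, len(data)))
    return {"length": length, "ctrl_type": ctrl_type,
            "name": CONTROL_MESSAGE_NAMES.get(ctrl_type, "unknown")}


def parse_sccrq(data: bytes) -> dict:
    """Decode the SCCRQ body; the capability bit-fields become booleans."""
    hdr = parse_control_header(data)
    if hdr["ctrl_type"] != SCCRQ or hdr["length"] != SCCRQ_LEN:
        raise ValueError("not a well-formed SCCRQ (%s, %d bytes)" % (hdr["name"], hdr["length"]))
    version, _, framing, bearer, max_ch, fw, host, vendor = struct.unpack("!HHIIHH64s64s", data[12:SCCRQ_LEN])
    return {
        "version": "%d.%d" % (version >> 8, version & 0xFF),
        "async": bool(framing & 1), "sync": bool(framing & 2),
        "analog": bool(bearer & 1), "digital": bool(bearer & 2),
        "max_channels": max_ch, "firmware": fw,
        "host_name": host.rstrip(b"\x00").decode("ascii", "replace"),
        "vendor": vendor.rstrip(b"\x00").decode("ascii", "replace"),
    }


def rejects(data: bytes) -> bool:
    """True if the parser refuses the message (used to check malformed input handling)."""
    try:
        parse_sccrq(data)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    msg = build_sccrq("pac.example", "ExampleVendor")   # constructed sample, not a capture
    print(parse_control_header(msg)["name"])
    print(parse_sccrq(msg))
```

The parser checks the cookie, message type and length before touching the body, so a truncated or mis-framed message is refused with a reason rather than decoded into garbage; the same checks are the ones an IDS signature for PPTP control-channel setup would encode.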
L2F
Layer 2 Forwarding
18
L2F
Tunnel is constructed from the service provider.
1.
Remote user dials in to the local ISP network
access server using PPP/SLIP.
19
L2F (Cont.)
2.
L2F builds a tunnel from the NAS to the private network.
Uses a packet-oriented protocol that provides end-to-end
connectivity, such as UDP, frame relay, etc., as the
encapsulating protocol.
20
L2F (Cont.)
3. L2F establishes a PPP connection between the NAS and the
home gateway.
21
L2F (Cont.)
4. IP packets are sent over the PPP connection.
22
L2TP
Layer 2 Tunneling protocol
23
L2TP
24