L2TP

L2TP (Layer 2 Tunneling Protocol) is used to tunnel PPP sessions across a public IP network. Because the tunnelling is done at layer 2, L2TP can carry any layer 3 protocol that PPP can carry inside its packets, irrespective of what the underlying network routes.
How L2TP provides security
==========================

By itself L2TP provides no confidentiality or integrity for the PPP frames it carries. Like GRE, it relies on IPsec (the usual L2TP/IPsec combination) or on an application-layer mechanism for whatever security is required. L2TP's own optional tunnel authentication (a CHAP-style shared-secret challenge exchanged during tunnel setup) only authenticates the two tunnel endpoints; it does nothing for the data messages, which are otherwise sent in cleartext.

Devices in L2TP session :
=========================
PC (client), L2TP access concentrator (LAC), L2TP network server (LNS)
The PC connects over dial-up (POTS) or DSL to a server known as the LAC. The LAC then initiates an L2TP session to the LNS. Typically the authentication, authorization and accounting (AAA) of the end user are done at the LNS, against a AAA (for example RADIUS) server or a local database.

When L2TP runs over an IP backbone, UDP is the carrier for all L2TP traffic, including the control messages of the session between the LAC and the LNS.
The tunnel initiator (the LAC) sends to UDP port 1701.

Types of L2TP tunnels :
========================
1 . Compulsory tunnelling – the client is completely unaware of the L2TP tunnel. It only runs PPP to the LAC; the LAC tunnels that PPP session to the LNS.
L2TP-unaware client----------------------- LAC -------------------------LNS
|-----------------PPP-Data-----------------|------------L2TP-Data------------|
2 . Voluntary tunnelling – the client is L2TP-aware. After bringing up its PPP session with the LAC (which here is just an ordinary network access server), the client itself opens an L2TP tunnel to the LNS. The L2TP/UDP/IP packets travel inside the PPP session through the LAC, which forwards them as plain IP traffic. Here the client plays the role of the LAC.
L2TP-aware client--------------LAC unaware of L2TP---------------------------LNS
|-------------PPP-L2TP-Data--------->|--------------L2TP-Data------------>|

Note :
In voluntary tunnelling the LAC is unaware of L2TP.
In compulsory tunnelling the service provider (SP) must maintain the LAC devices, known as network access servers (NAS). Compulsory tunnelling hides the details of VPN connectivity from the clients and
effectively transfers management control over the tunnels from the clients to the ISP.


Two different messages used by L2TP :
=====================================
1 . Control messages – used to establish, maintain and tear down tunnels and sessions. They travel over a reliable control channel: each control message carries Ns/Nr sequence numbers, is acknowledged, and is retransmitted if the acknowledgement does not arrive.
2 . Data messages – used to encapsulate the PPP frames that are sent over L2TP tunnels. They travel over an unreliable data channel with no retransmission; a lost frame is simply lost, as it would be on a real link.
Control and data messages share the same tunnel (the same UDP port pair between the peers); the T bit in the L2TP header tells them apart.
L2TP uses the registered UDP port 1701. The initiator picks any available port as its source port and 1701 as the destination port, and sends L2TP packets to establish the tunnel. In the reply, the destination port is the source port the initiator used (the responder's own source port need not be 1701), and once chosen the port pair stays fixed for the life of the tunnel.

In Cisco IOS, both the source and the destination port are set to 1701.
Note : The Layer 2 Forwarding (L2F) protocol and L2TP share the same UDP port number. The version field in the header is used to discriminate between L2F and L2TP:
L2F uses version 1 and L2TP uses version 2.
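To make the header and message-type discussion above concrete, here is an added example (my code, not code from the original post) that decodes UDP/1701 payloads per RFC 2661: it reads the version field to tell L2F from L2TP, uses the T bit to separate control from data messages, enforces the L/S/O bit rules that control messages must obey, pulls the Message Type AVP out of control messages, and shows that a data message's PPP frame is sitting there in cleartext, which is the reason the security section insists on IPsec. The sample datagrams are constructed by hand, not captured from a real LAC/LNS pair.

```python
"""L2TPv2 (RFC 2661) header decoder for UDP/1701 payloads.

Added example, not part of the original post. The packets at the bottom
are constructed by hand, not captured from a real LAC/LNS pair."""
import struct

L2TP_UDP_PORT = 1701

# Bits of the first 16-bit word of the L2TP header
T_BIT = 0x8000     # 1 = control message, 0 = data message
L_BIT = 0x4000     # Length field present (required in control messages)
S_BIT = 0x0800     # Ns/Nr sequence fields present (required in control messages)
O_BIT = 0x0200     # Offset Size field present (must be clear in control messages)
P_BIT = 0x0100     # Priority (data messages only)
VER_MASK = 0x000F  # low 4 bits: 1 = L2F, 2 = L2TP

# Values of the Message Type AVP (attribute 0), the first AVP of every
# control message except a zero-length-body (ZLB) acknowledgement
MESSAGE_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO",
                 7: "OCRQ", 8: "OCRP", 9: "OCCN", 10: "ICRQ", 11: "ICRP",
                 12: "ICCN", 14: "CDN", 15: "WEN", 16: "SLI"}


def _take(buf: bytes, pos: int, fmt: str):
    """Unpack fmt at pos, raising ValueError instead of struct.error on truncation."""
    size = struct.calcsize(fmt)
    if pos + size > len(buf):
        raise ValueError("datagram truncated inside the L2TP header")
    return struct.unpack(fmt, buf[pos:pos + size]), pos + size


def parse_l2tp(datagram: bytes) -> dict:
    """Decode one UDP payload from port 1701 into its L2TP fields."""
    (flags,), pos = _take(datagram, 0, "!H")
    version = flags & VER_MASK
    if version == 1:
        # L2F shares the port; only the version field tells the two apart
        return {"protocol": "L2F", "version": 1}
    if version != 2:
        raise ValueError(f"unsupported version {version}")

    info = {"protocol": "L2TP", "version": 2,
            "kind": "control" if flags & T_BIT else "data"}
    end = len(datagram)
    if flags & L_BIT:
        (end,), pos = _take(datagram, pos, "!H")
        if end > len(datagram):
            raise ValueError("Length field exceeds datagram size")
    (info["tunnel_id"], info["session_id"]), pos = _take(datagram, pos, "!HH")
    if flags & S_BIT:
        (info["ns"], info["nr"]), pos = _take(datagram, pos, "!HH")
    if flags & O_BIT:
        (offset,), pos = _take(datagram, pos, "!H")
        pos += offset                      # skip the offset padding
    payload = datagram[pos:end]

    if info["kind"] == "control":
        # RFC 2661: control messages MUST set L and S and MUST clear O
        if not (flags & L_BIT) or not (flags & S_BIT) or (flags & O_BIT):
            raise ValueError("control message with illegal L/S/O bits")
        info["message_type"] = _message_type(payload)
    else:
        info["priority"] = bool(flags & P_BIT)
        info["ppp_protocol"] = _ppp_protocol(payload)  # readable: no IPsec here
    info["payload"] = payload
    return info


def _message_type(body: bytes) -> str:
    """Read the Message Type AVP that leads every non-ZLB control message."""
    if not body:
        return "ZLB"                       # bare acknowledgement, no AVPs
    if len(body) < 8:
        raise ValueError("control body too short for a Message Type AVP")
    hdr, vendor, attr, value = struct.unpack("!HHHH", body[:8])
    avp_len = hdr & 0x03FF                 # low 10 bits; top bits are M and H
    if vendor != 0 or attr != 0 or avp_len != 8:
        raise ValueError("first AVP is not a Message Type AVP")
    return MESSAGE_TYPES.get(value, f"type {value}")


def _ppp_protocol(frame: bytes):
    """PPP protocol number of a data payload (HDLC FF 03 address/control kept)."""
    if len(frame) >= 4 and frame[:2] == b"\xff\x03":
        return struct.unpack("!H", frame[2:4])[0]
    return None


# Constructed sample datagrams (hex; bytes.fromhex ignores the spaces)
# SCCRQ: T|L|S set + version 2, Length 20, tunnel/session 0, Ns=Nr=0,
# then the Message Type AVP: M bit + length 8, vendor 0, attribute 0, value 1
SCCRQ = bytes.fromhex("c802 0014 0000 0000 0000 0000 8008 0000 0000 0001")
# ZLB acknowledgement: control header only, Length 12, tunnel 1, Ns=Nr=1
ZLB = bytes.fromhex("c802 000c 0001 0000 0001 0001")
# Data message in tunnel 5 / session 7 carrying a PPP frame:
# FF 03 address/control, protocol 0x0021 (IPv4), then the start of an IP header
DATA = bytes.fromhex("0002 0005 0007") + bytes.fromhex("ff03 0021 4500 0014")
# A frame whose version field reads 1: treated as L2F, not L2TP
L2F = bytes.fromhex("c001 0001 0000")

if __name__ == "__main__":
    for name, pkt in (("SCCRQ", SCCRQ), ("ZLB", ZLB), ("DATA", DATA), ("L2F", L2F)):
        print(name, parse_l2tp(pkt))
```

Run it as a script to see each sample decoded; feed `parse_l2tp` the UDP payload of any port 1701 datagram from a capture to classify real traffic. The data sample is the point to notice: tunnel ID, session ID and the IPv4 packet inside the PPP frame are all visible to anyone on the path, so anything an L2TP deployment needs kept private has to come from IPsec around it.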
