Tunneling - little bit misty....

Discussion in 'Network+' started by morph, Jan 17, 2008.

  1. morph

    morph Byte Poster

    Just wondering - I'm sort of brushing up on a few areas - now with VPN tunneling, you've got your L2TP, PPTP and IPsec (I know there might be others but we're looking at Network+) - fully appreciate that IPsec is the industry standard and has the major benefits, but what I was wondering is would there be a position whereby you would use PPTP over IPsec or L2TP over PPTP or vice versa etc.? I did search the forum for this and found the How Stuff Works article on VPNs - just wanted to try and expand a bit more on it!
     
    Certifications: Network +, ITIL Foundation, CCENT, CCNA
    WIP: server/ccna security
  2. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    Normally PPTP and L2TP are alternatives to each other. There is no requirement to run them over IPSec - you do this if you need security as well as the VPN.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  3. morph

    morph Byte Poster

    Hi Harry, thanks for the reply - I don't think I made myself totally clear on that question actually - I sort of meant why would you use PPTP instead of IPsec or use L2TP instead of PPTP - I think I remember reading that PPTP was a sort of cheap alternative to IPsec say, not sure about the finer details though...:)
     
    Certifications: Network +, ITIL Foundation, CCENT, CCNA
    WIP: server/ccna security
  4. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    PPTP/IPSec isn't an either/or. They aren't the same thing.

    PPTP is a tunneling protocol, with some encryption built in. IPSec is a secured version of IP, and has far better encryption. You can use one, or the other, or both, depending on the requirements.

    PPTP is a non-standard (well - by IETF anyway) item built by Microsoft and others, L2TP is an open standard. L2TP does not include encryption, so if you need that you use IPSec.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  5. morph

    morph Byte Poster

    Thanks again Harry :) Been doing some reading around as well - getting it into the old noggin :)
     
    Certifications: Network +, ITIL Foundation, CCENT, CCNA
    WIP: server/ccna security
  6. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Off the top of my head and it's been a while..

    PPTP is a tunneling protocol that has built in MPPE encryption.

    L2TP is a tunneling protocol that doesn't have built in encryption.

    Of the two L2TP is better.

    So, you can use L2TP with IPSec *combined* to get the best most secure solution.

    However.. your other devices, firewalls/NAT etc or whatever may not support the passthrough of one or the other tunneling protocols. So, you need to look at the network topology, specifically the devices in the path to the Internet before deciding which one to use.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
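
The passthrough check described in the post above, as an added example that is not part of the thread: it walks each device in the path and reports which tunneling option it would block. The device names, rule sets and topology are constructed; the port and protocol numbers (TCP 1723 and GRE for PPTP, UDP 1701 for L2TP, UDP 500 and ESP for IPsec, UDP 4500 for NAT traversal) are the standard assignments.

```python
from dataclasses import dataclass, field

# Flows a device in the path must forward for each option. Port is None for
# IP protocols without port numbers (GRE = IP protocol 47, ESP = 50).
# With L2TP/IPsec the L2TP traffic (UDP 1701) travels inside ESP, so the
# devices in between only see IKE and ESP, or UDP 4500 when NAT-T is used.
REQUIRED = {
    "PPTP": [("tcp", 1723), ("gre", None)],
    "L2TP alone (unencrypted)": [("udp", 1701)],
    "L2TP/IPsec": [("udp", 500), ("esp", None)],
    "L2TP/IPsec with NAT-T": [("udp", 500), ("udp", 4500)],
}

@dataclass
class Device:
    name: str
    allow: set                  # {(proto, port)} the filter forwards
    nat: bool = False           # performs port address translation
    passthrough: set = field(default_factory=set)  # port-less protocols its NAT can track

def blockers(device, flows):
    """Return the reasons this device stops the flows (empty list = passes)."""
    reasons = []
    for proto, port in flows:
        label = f"{proto}{'/' + str(port) if port else ''}"
        if (proto, port) not in device.allow:
            reasons.append(f"{device.name}: {label} not allowed")
        elif device.nat and port is None and proto not in device.passthrough:
            # A port-translating NAT cannot multiplex a protocol with no ports
            # unless it has specific passthrough support for it.
            reasons.append(f"{device.name}: NAT has no {proto} passthrough")
    return reasons

def usable_options(path):
    """Map each VPN option to the list of blockers found along the path."""
    return {opt: [r for d in path for r in blockers(d, flows)]
            for opt, flows in REQUIRED.items()}

# Constructed topology: a home NAT router that only tracks GRE, then an
# office firewall that forwards IPsec traffic only.
HOME_ROUTER = Device("home-router",
                     {("tcp", 1723), ("gre", None), ("udp", 1701),
                      ("udp", 500), ("udp", 4500), ("esp", None)},
                     nat=True, passthrough={"gre"})
OFFICE_FW = Device("office-fw", {("udp", 500), ("udp", 4500), ("esp", None)})

if __name__ == "__main__":
    for opt, why in usable_options([HOME_ROUTER, OFFICE_FW]).items():
        print(f"{opt:26} {'OK' if not why else 'blocked: ' + '; '.join(why)}")
```
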
  7. morph

    morph Byte Poster

    This is where I'm getting a bit hazy I think: I looked at this site

    http://compnetworking.about.com/od/vpn/a/vpn_tunneling.htm

    and at the end it said this:

    IPsec is actually a collection of multiple related protocols. It can be used as a complete VPN protocol solution, or it can be used simply as the encryption scheme within L2TP or PPTP. IPsec exists at the network layer (Layer Three) of the OSI model.

    which sort of led me to think you can just run IPsec to create the tunnel and deal with the encryption by itself or just as the encryption for IP

    but have seen other websites that seemed to contradict this....then spoke to someone at work who said you have to run IPsec over L2TP - I may be looking too hard at this...gonna keep searching around on the internet :)
     
    Certifications: Network +, ITIL Foundation, CCENT, CCNA
    WIP: server/ccna security
  8. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    I think some people (wrongly in my opinion) use the term IPSec interchangeably with L2TP/IPSec.

    IPSec is *not* a tunneling protocol, in and of itself. It is encrypted IP.

    You do not have to run IPSec over L2TP. You can configure a whole network to talk to each other internally using IPSec encryption.

    If you want a VPN then yes you have to run it over L2TP because, as has already been stated, PPTP has its own encryption (MPPE).
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  9. morph

    morph Byte Poster

    Ah-ha! Nice one dude!
     
    Certifications: Network +, ITIL Foundation, CCENT, CCNA
    WIP: server/ccna security
