[vpn] L2TP over IPSEC? Advantage?

Paul Cardon paul at moquijo.com
Mon Sep 10 15:18:03 EDT 2001


Patrick.Bryan at abbott.com wrote:
> 
> I was recently reading that L2TP over IPSec was more secure than straight
> IPSec? Basically the publication was stating that a layer 2 protocol should be
> implemented with a layer 3 protocol such as IPSec. Is there merit to this
> claim?

More like L2TP over IPSec is more secure than straight L2TP.

Well, I don't believe the general statement that a layer 2 protocol
should be implemented with a layer 3 protocol.  That by itself isn't
true.  Due to flaws in L2TP specifically, it is more secure encapsulated
in IPSec than straight L2TP.  If L2TP didn't have these flaws and could
be used safely in all situations by itself then you certainly wouldn't
want to impose the additional overhead of gratuitously encapsulating it
in IPSec.

If you need to do IP only then I would recommend an IPSec solution.  If
you need to handle other protocols like IPX then you will need something
like L2TP.  Then, according to your risk management philosophy and
policies, you may need to further protect the L2TP tunnel with IPSec.

-paul
