[vpn] L2TP over IPSEC? Advantage?

Eric Vyncke evyncke at cisco.com
Tue Sep 11 02:41:36 EDT 2001


In my opinion, the biggest advantage of IPSec protected L2TP is about ease 
of management for 100's of remote PC:
- L2TP encapsulates PPP and IPCP: dynamic & centralized configuration of IP 
address, DNS servers, WINS servers, ...
- L2TP encapsulates PPP and CHAP/EAP-TLS: possibility to execute a second 
authentication (distinct of the IKE authentication)

AFAIK, Win2K can use 2 certificates:
- machine based: for the IKE authentication
- user based: for the L2TP + EAP-TLS authentication

Whether this brings additional security is probably debatable.

Just my 0.01 EUR

-eric

At 10:06 10/09/2001 -0500, Patrick.Bryan at abbott.com wrote:
>I was recently reading that L2TP over IPSec was more secure than straight
>IPSec? Basically the publication was stating that a layer 2 protocol should be
>implemented with a layer 3 protocol such as IPSec. Is there merit to this
>claim?
>
>
>Thanks..
>
>
>VPN is sponsored by SecurityFocus.com


VPN is sponsored by SecurityFocus.com





More information about the VPN mailing list