[vpn] L2TP over IPSEC? Advantage?
Eric Vyncke
evyncke at cisco.com
Tue Sep 11 02:41:36 EDT 2001
In my opinion, the biggest advantage of IPSec protected L2TP is about ease
of management for 100's of remote PC:
- L2TP encapsulates PPP and IPCP: dynamic & centralized configuration of IP
address, DNS servers, WINS servers, ...
- L2TP encapsulates PPP and CHAP/EAP-TLS: possibility to execute a second
authentication (distinct of the IKE authentication)
AFAIK, Win2K can use 2 certificates:
- machine based: for the IKE authentication
- user based: for the L2TP + EAP-TLS authentication
Whether this brings additional security is probably debatable.
Just my 0.01 EUR
-eric
At 10:06 10/09/2001 -0500, Patrick.Bryan at abbott.com wrote:
>I was recently reading that L2TP over IPSec was more secure than straight
>IPSec? Basically the publication was stating that a layer 2 protocol should be
>implemented with a layer 3 protocol such as IPSec. Is there merit to this
>claim?
>
>
>Thanks..
>
>
>VPN is sponsored by SecurityFocus.com
VPN is sponsored by SecurityFocus.com
More information about the VPN
mailing list