Security Basics mailing list archives

RE: IPSec = L2TP?
From: Dave Killion <Dkillion () netscreen com>
Date: Tue, 30 Sep 2003 15:59:23 -0700

IPSec is not L2TP, however L2TP can ride *on top* of IPSec.

Any protocol can traverse IPSec, but it needs to be routed in order to
work, i.e. handed off to a gateway for processing.  You can't do IPSec
between two machines on the same layer 2 segment, which is what L2TP is
for.  L2TP over IPSec is a way for a remote machine on a completely
different IP network to appear to be on the same network as others - and
not being NAT'd.  The remote computer *knows* what the IP is, since it's
negotiated during the L2TP set up. L2TP shows up as an additional
interface with its own IP.

Example:

   Machine A, Network A IP
     (L2TP: Network B IP)                                      Network B
  (IPSEC out Network A's IP)======{Internet Cloud}=======(IPSec/L2TP Gateway)

It looks like a direct-connect, and others on Network B see it as local.
The L2TP gateway accepts ARPs for it, and passes traffic back down the
L2TP-over-IPSEC tunnel.  This is useful mostly for Windows traffic,
which doesn't like to be NAT'd, and also spews out broadcast traffic -
Outlook new mail notifications come to mind.  Unix systems could care
less, and typically work great over standard IPSec without issue.

Basically, L2TP passes Layer 2 Broadcast traffic over a tunnel, whilst
IPSec does not.

I hope this information is helpful, 

Dave Killion 
Senior Security Engineer 
Security Group, NetScreen Technologies, Inc.



-----Original Message-----
From: Zachary Mutrux [mailto:zmutrux () compumentor org]
Sent: Tuesday, September 30, 2003 2:46 PM
To: Security-Basics
Subject: IPSec = L2TP?


Do most VPN solutions that use IPSec also use L2TP? Or are there other
protocols that also use IPSec? I see a lot of mention of IPSec in the
sales literature but no mention of L2TP.

Thanks,

Zac

--
Zac Mutrux
Technology Consultant
CompuMentor
415-633-9437
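
The layering described in the reply, as an added example that is not part of the original message: once the gateway has decrypted the IPsec (ESP) packet addressed to it, the UDP/1701 payload is an L2TPv2 data message (RFC 2661) carrying a PPP frame, and inside that sits the IP packet using the remote machine's Network B address. The tunnel/session IDs and 10.2.0.x addresses are constructed sample values, and PPP protocol-field compression is assumed to be off.

```python
import ipaddress
import struct

PPP_IPV4 = 0x0021  # PPP protocol number for an IPv4 payload

def parse_l2tp_data(payload: bytes) -> dict:
    """Parse an L2TPv2 (RFC 2661) data message taken from a UDP/1701 payload."""
    (flags,) = struct.unpack_from("!H", payload, 0)
    if flags & 0x000F != 2:
        raise ValueError("not L2TP version 2")
    if flags & 0x8000:  # T bit: control message, carries no PPP frame
        raise ValueError("control message, not a data message")
    off = 2
    if flags & 0x4000:  # L bit: Length field present
        (length,) = struct.unpack_from("!H", payload, off)
        if length != len(payload):
            raise ValueError("length field does not match payload size")
        off += 2
    tunnel_id, session_id = struct.unpack_from("!HH", payload, off)
    off += 4
    if flags & 0x0800:  # S bit: Ns and Nr sequence numbers present
        off += 4
    if flags & 0x0200:  # O bit: Offset Size field plus that much padding
        (pad,) = struct.unpack_from("!H", payload, off)
        off += 2 + pad
    ppp = payload[off:]
    if ppp[:2] == b"\xff\x03":  # PPP address/control bytes, may be omitted
        ppp = ppp[2:]
    (proto,) = struct.unpack_from("!H", ppp, 0)  # assumes no protocol-field compression
    out = {"tunnel_id": tunnel_id, "session_id": session_id, "ppp_protocol": proto}
    if proto == PPP_IPV4:
        ip = ppp[2:]
        if len(ip) < 20 or ip[0] >> 4 != 4:
            raise ValueError("truncated or non-IPv4 inner packet")
        out["inner_src"] = str(ipaddress.IPv4Address(ip[12:16]))
        out["inner_dst"] = str(ipaddress.IPv4Address(ip[16:20]))
    return out

def build_sample() -> bytes:
    """Constructed sample: remote host 10.2.0.50 (its Network B address) to 10.2.0.10."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                           ipaddress.IPv4Address("10.2.0.50").packed,
                           ipaddress.IPv4Address("10.2.0.10").packed)
    body = struct.pack("!HH", 7, 1) + b"\xff\x03" + struct.pack("!H", PPP_IPV4) + inner_ip
    return struct.pack("!HH", 0x4002, 4 + len(body)) + body  # L bit set, version 2

if __name__ == "__main__":
    print(parse_l2tp_data(build_sample()))
```

The inner source address is the one negotiated over PPP during L2TP setup, which is why hosts on Network B see the remote machine as local rather than as a NAT'd Network A address.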


