Product specifications

Efficient Networks® Router family
Command Line Interface Guide
Chapter 6: Connection Management
Technology Standards
IPSec
This protocol encrypts each IP packet that is destined for a tunnel and puts new
header information on it to transport it to its destination. The new header information
is what creates the "tunnel" effect. This protocol can create a tunnel and encrypt data,
but only IP packets can be encrypted and transported. No other protocols are
transported through the tunnel.
L2TP (Layer-2 Tunneling Protocol)
Cisco (L2F) and Microsoft (PPTP) agreed to standardize their two tunneling protocols
by joining them into a common standard protocol. That protocol is L2TP. The L2TP
protocol creates a tunnel between two endpoints and allows a PPP session to be
created within it. The L2TP protocol manages the tunnel in a way that makes it
transparent to the PPP session inside of it. L2TP clients are like "dial-up" users, and
L2TP servers are like access concentrators (modem banks). Once the connection is
"dialed", authenticated, and connected, data starts to flow through the tunnel in much
the same manner as a modem dial-up, except that the call is placed through the
Internet (IP network) instead of the PSTN (telephone network).
PPP (Point-to-Point Protocol)
PPP is used primarily for dial-up access right now because it allows for the dynamic
negotiation of link parameters during the link establishment phase. This simplifies
interoperability among dial-up devices. PPP provides the following benefits:
Authentication: Tunnel users can be authenticated, so that only authorized tunnel
clients are accepted by the tunnel server.
Dynamic IP: An IP address can be dynamically assigned to the tunnel client when the
tunnel is created. This conserves IP addresses because they can be issued out of a
pool and recycled. PPP is currently used in this manner with dial-up users.
Multiple protocol support: Multiple LAN protocols (IP, IPX, AppleTalk, and Bridging)
can be transported on the same link.
Data and header compression: Van Jacobson header compression and STAC data
compression can only be used in conjunction with PPP. Up to 5 times more data can
be transferred by using compression.
DES Encryption
IPSec has encryption built into it; therefore, the data being transported is kept private
while it is on the public Internet. L2TP does not encrypt the data as part of the tunnel
management, so the data being transported in an L2TP tunnel must be encrypted
before entering the tunnel. DES encryption is a United States Department of Defense
standard for encryption that is widely deployed and comes in different strengths
(40-bit, 56-bit, 128-bit, and triple DES). DES can encrypt any LAN protocol.
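
The L2TP and DES Encryption passages above say that L2TP carries a PPP session but does not encrypt it. The following is an added example, not part of the Efficient Networks guide or its software: a Python parser for the L2TP header (field layout taken from RFC 2661, which this page does not reproduce) run over a constructed data message, showing that the PPP protocol and the packet inside are readable on the wire unless they were encrypted before entering the tunnel. The sample datagram, tunnel and session IDs, and payload text are constructed.

```python
import struct

# PPP protocol numbers (IANA registry) for the protocols named on this page.
PPP_PROTOCOLS = {0x0021: "IP", 0x002B: "IPX", 0x0029: "AppleTalk",
                 0x0031: "Bridging", 0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP"}

def parse_l2tp(datagram: bytes) -> dict:
    """Parse the UDP payload of one L2TPv2 message (header layout per RFC 2661)."""
    try:
        (flags,) = struct.unpack_from("!H", datagram, 0)
        if flags & 0x000F != 2:
            raise ValueError("not L2TP version 2")
        pos, end = 2, len(datagram)
        if flags & 0x4000:                  # L bit: Length field present
            (end,) = struct.unpack_from("!H", datagram, pos)
            pos += 2
        tunnel_id, session_id = struct.unpack_from("!HH", datagram, pos)
        pos += 4
        if flags & 0x0800:                  # S bit: Ns and Nr present
            pos += 4
        if flags & 0x0200:                  # O bit: Offset Size, then padding
            (offset,) = struct.unpack_from("!H", datagram, pos)
            pos += 2 + offset
    except struct.error:
        raise ValueError("truncated L2TP header") from None
    if end > len(datagram) or pos > end:
        raise ValueError("length fields do not match the datagram")
    info = {"control": bool(flags & 0x8000),
            "tunnel_id": tunnel_id, "session_id": session_id}
    if info["control"]:
        return info                         # control message: no PPP frame
    ppp = datagram[pos:end]
    if ppp[:2] == b"\xff\x03":              # optional PPP address/control bytes
        ppp = ppp[2:]
    if not ppp:
        raise ValueError("empty PPP frame")
    if ppp[0] & 1:                          # compressed one-byte protocol field
        proto, payload = ppp[0], ppp[1:]
    elif len(ppp) >= 2:
        proto, payload = struct.unpack_from("!H", ppp)[0], ppp[2:]
    else:
        raise ValueError("truncated PPP protocol field")
    info["ppp_protocol"] = PPP_PROTOCOLS.get(proto, hex(proto))
    info["payload"] = payload               # readable unless encrypted beforehand
    return info

# Constructed sample: data message, tunnel 7, session 3, PPP protocol 0x0021 (IP);
# the text stands in for the bytes of an unencrypted IP packet.
_BODY = b"\xff\x03\x00\x21" + b"constructed cleartext"
SAMPLE = struct.pack("!HHHH", 0x4002, 8 + len(_BODY), 7, 3) + _BODY
```

Calling `parse_l2tp(SAMPLE)` returns the tunnel and session IDs, the PPP protocol name, and the payload bytes exactly as they were placed in the tunnel.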