Re: PPP over IPSec (without L2TP)?
David Chen <dchen@indusriver.com> Tue, 19 October 1999 18:34 UTC
Message-Id: <4.2.0.58.19991019130241.00a59f00@pop3.indusriver.com>
Date: Tue, 19 Oct 1999 13:05:14 -0400
To: Ari Huttunen <Ari.Huttunen@datafellows.com>
From: David Chen <dchen@indusriver.com>
Subject: Re: PPP over IPSec (without L2TP)?
Cc: ietf-ipsra@vpnc.org, ipsec@lists.tislabs.com
In-Reply-To: <380C973C.FD1B3036@DataFellows.com>
References: <4.2.0.58.19991019095359.00a905c0@pop3.indusriver.com>

At 07:07 PM 10/19/99 +0300, you wrote:
>David Chen wrote:
>
> > At 12:02 PM 10/14/99 +0300, you wrote:
> > >Microsoft's position regarding L2TP is according to
> > >http://www.microsoft.com/windows/server/Technical/networking/NWPriv.asp
> > >(partly) the following:
> > >
> > >L2TP is a well-defined, interoperable protocol that addresses the current
> > >shortcomings of IPSec-only client-to-gateway and gateway-to-gateway
> > >scenarios (user authentication, tunnel IP address assignment, and
> > >multiprotocol support). L2TP has broad vendor support, particularly among
> > >the largest network access equipment providers, and has verified
> > >interoperability. By placing L2TP as payload within an IPSec packet,
> > >communications benefit from the standards-based encryption and authenticity of
> > >IPSec, while also receiving a highly interoperable way to accomplish user
> > >authentication, tunnel address assignment, multiprotocol support, and
> > >multicast support using PPP. This combination is commonly referred to as
> > >L2TP/IPSec. Lacking a better pure IPSec standards solution, Microsoft
> > >believes that L2TP/IPSec provides the best standards based solution for
> > >multi-vendor, interoperable client-to-gateway VPN scenarios. Microsoft is
> > >working closely with key networking vendors including Cisco, 3Com,
> > >Lucent and IBM, to support this important combination.
> > >
> > >I agree that having PPP gives us the stated benefits (and more?). However,
> > >I fail to see why there is a need to have an L2TP (and UDP) layer(s)
> > >between PPP and IPSec. As I understand L2TP, it would give us two benefits
> > >a) being able to tunnel PPP over several links, which IPSec already gives
> > >us, and b) being able to specify telephone world things like calling /
> > >called numbers and call failures due to a busy tone, which in a general IP
> > >world are non-relevant.
> > >
> > >I agree that a lot of Internet connectivity is through a telephone
> > >network, but the calling numbers should not be relied on for any sort of
> > >identification, despite what the telephone world people would like to
> > >convince people to believe. The only valid usage for telephone numbers that
> > >I see is call charging, but the ISPs are free to use L2TP for that purpose
> > >without there being any need for IPSec security gateways or IPSec hosts
> > >knowing or even caring about it.
> > >
> > >So, please show me what benefits PPP over L2TP over IPSec provides when
> > >compared to just running PPP over IPSec? If there are some, which is
> > >possible, wouldn't it be better to enhance IPSec protocol(s) to enable the
> > >same, instead of having L2TP?

It is better, if IPSec has all PPP features. Why bother with L2TP? If you like to "enhance IPSec protocol(s)"
--- David

> > The last sentence is ????
> > If you like to improve IPSec, why bother L2TP?
> > Just put all PPP features into IPSec. :-)
> > This is not a good logic.
> > --- David
>
>Pardon? I fail to parse that.. What do you mean?
>
>Ari
>
> > >--
> > >Ari Huttunen                   phone: +358 9 859 900
> > >Senior Software Engineer       fax  : +358 9 8599 0452
> > >
> > >Data Fellows Corporation       http://www.DataFellows.com
> > >
> > >F-Secure products: Integrated Solutions for Enterprise Security
>
>--
>Ari Huttunen                   phone: +358 9 859 900
>Senior Software Engineer       fax  : +358 9 8599 0452
>
>Data Fellows Corporation       http://www.DataFellows.com
>
>F-Secure products: Integrated Solutions for Enterprise Security