RE: IPSec over L2TP tunnels for Remote users

Michael Choung Shieh <mshieh@netscreen.com> Wed, 23 May 2001 18:44 UTC

From: Michael Choung Shieh <mshieh@netscreen.com>
To: "'jayashreej@future.futsoft.com'" <jayashreej@future.futsoft.com>, ipsec@lists.tislabs.com
Subject: RE: IPSec over L2TP tunnels for Remote users
Date: Wed, 23 May 2001 10:30:33 -0700

I believe many vendors have done interoperability tests with Win2k in the VPN
bakeoff.  We at NetScreen did.

L2TP over IPsec means doing L2TP over IPsec transport mode.  There is no need
to do IPsec tunnel mode since it would have a duplicated outer IP address.

Yes, Win2k takes the assigned IP address from PPP.


Michael Shieh

-----Original Message-----
From: Jayashree J [mailto:jayashreej@future.futsoft.com]
Sent: Wednesday, May 23, 2001 6:12 AM
To: ipsec@lists.tislabs.com
Subject: IPSec over L2TP tunnels for Remote users



Hi,

I have some questions in implementing IPSec over L2TP for a security gateway
in case of a Remote User Access.
1) Has anyone done interop with Windows 2000 as a Remote Client?

2) It seems Windows 2000 operates only in transport mode for L2TP with
IPSec (in the remote user scenario). Is it necessary to support transport mode
also in a security gateway to interop with Windows server?

3) In the above case, how does Windows 2000 handle the dynamic address received
from PPP negotiations (is it as per
draft-ietf-l2tpext-security-02.txt)?

Thanks,
Jayashree