Securing L2TP and IP Tunnels with IPSec; L2TP/IPSec Tunnels - Juniper JUNOSE 11.2.X IP SERVICES Configuration Manual

For E Series Broadband Services Routers - IP Services Configuration

L2TP/IPSec Tunnels

Copyright © 2010, Juniper Networks, Inc.
Negotiation of NAT-Traversal in the IKE—draft-ietf-ipsec-nat-t-ike-08.txt (July 2004 expiration)
UDP Encapsulation of IPsec ESP Packets—draft-ietf-ipsec-udp-encaps-09.txt (November 2004 expiration)

NOTE: IETF drafts are valid for only 6 months from the date of issuance. They must be considered as works in progress. Please refer to the IETF Web site at http://www.ietf.org for the latest drafts.

For additional configuration information, see:
"Configuring IPSec" on page 119
"Configuring Digital Certificates" on page 205
"Configuring IP Tunnels" on page 237

L2TP Overview
L2TP/IPSec remote access allows clients to connect to a corporate VPN over the public Internet with a secure connection. The L2TP tunnel runs on top of an IPSec transport mode connection. The secure tunnel runs from the client PC to the E Series router that terminates the secure tunnel. For example, using L2TP with IPSec enables B-RAS clients to securely connect to a corporate or other VPN in addition to using another unsecured connection to the Internet, depending on the client software capabilities.

On the router side of the L2TP connection, the E Series router acts as the LNS. On the PC client side of the connection, the client acts as the LAC and runs the L2TP/IPSec client software on supported platforms. (For a list of the supported platforms, see "Client Software Supported" on page 279.) Both sides of the connection run IPSec in transport mode with Encapsulating Security Payload (ESP) encryption and authentication.

In the model shown in Figure 22 on page 278, a client PC connects to its local provider, who gives the client a public IP address. Using the public IP address, the client PC initiates an IPSec connection toward the L2TP/IPSec gateway for the private network that it wants to connect to. After establishing the IPSec connection, the client establishes an L2TP tunnel to the same L2TP/IPSec gateway, which provides the client with another IP interface to access the private network it is connecting to. The L2TP tunnel is completely protected by the IPSec connection established earlier.
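
Because the L2TP tunnel must be completely protected by the IPSec connection, no L2TP packet should ever be visible in the clear on the public side of the gateway. The following check is an added example, not part of the Juniper manual or JUNOSE: it classifies raw IPv4 packets and flags any L2TP seen outside ESP. It assumes unfragmented IPv4, UDP ports 500, 4500 and 1701, and the framing of RFC 3947/3948 (the published forms of the two drafts listed above); the function names and sample packets are constructed for illustration.

```python
import struct

ESP, UDP = 50, 17                     # IP protocol numbers
IKE, NATT, L2TP = 500, 4500, 1701     # UDP ports (assumed, per RFC 3947/3948)

def classify(pkt: bytes) -> str:
    """Classify one raw, unfragmented IPv4 packet seen outside the gateway."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] == ESP:
        return "esp"                  # native transport-mode ESP
    if pkt[9] != UDP or len(pkt) < ihl + 8:
        return "other"
    sport, dport, ulen, _ = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    payload = pkt[ihl + 8:ihl + ulen]
    ports = {sport, dport}
    if NATT in ports:
        if payload == b"\xff":
            return "nat-keepalive"    # one-byte NAT keepalive
        if payload[:4] == b"\x00" * 4:
            return "ike"              # non-ESP marker: IKE sharing port 4500
        return "esp-in-udp"           # UDP-encapsulated ESP
    if IKE in ports:
        return "ike"
    if L2TP in ports:
        return "cleartext-l2tp"       # L2TP visible outside IPSec: violation
    return "other"

def violations(packets):
    """Indexes of packets carrying L2TP without IPSec protection."""
    return [i for i, p in enumerate(packets) if classify(p) == "cleartext-l2tp"]

def ipv4(proto: int, body: bytes) -> bytes:
    """Build a constructed sample packet (zero checksum, documentation IPs)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto,
                       0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1])) + body

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return ipv4(UDP, struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data)

SAMPLES = [                           # constructed traffic, not a real capture
    ipv4(ESP, struct.pack("!II", 0x1001, 1) + b"\xaa" * 32),
    udp(IKE, IKE, b"\x11" * 28),
    udp(NATT, NATT, b"\x00" * 4 + b"\x11" * 28),
    udp(NATT, NATT, struct.pack("!II", 0x1001, 2) + b"\xbb" * 32),
    udp(NATT, NATT, b"\xff"),
    udp(L2TP, L2TP, b"\xc8\x02" + b"\x00" * 10),   # L2TPv2 control header
]
```

On a correctly secured deployment violations() returns an empty list for traffic captured between the client and the gateway; the last constructed sample shows the failure case.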
Chapter 12: Securing L2TP and IP Tunnels with IPSec