Compatibility And Requirements; Client Software Supported; Interactions With Nat; Interaction Between Ipsec And Ppp - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual

Compatibility and Requirements

Copyright © 2010, Juniper Networks, Inc.

Figure 24: L2TP Control Frame Encapsulated by IPSec

Figure 25 on page 279 is an L2TP data frame encapsulated by IPSec. The shaded area
shows the encrypted portion of the frame.

Figure 25: L2TP Data Frame Encapsulated by IPSec

This section covers various compatibility issues and requirements for the L2TP/IPSec
traffic.

Client Software Supported

The L2TP/IPSec software supports the following client PC operating systems and L2TP
and IPSec applications:
Windows 2000 and Windows XP running built-in IPSec VPN software
Microsoft L2TP/IPSec VPN client for Windows NT, Windows 98, and Windows Me
SafeNet client software
Mac OS X version 10.3 or higher

Interactions with NAT

There are two ways that you can configure E Series routers to interact with Network
Address Translation (NAT) devices in the network:
Configure the router to run in NAT passthrough mode by using the application
l2tp-nat-passthrough command. For information, see "NAT Passthrough Mode" on
page 280 .
Configure the virtual router to enable NAT Traversal (NAT-T) by using the ipsec option
nat-t command. For information, see "NAT Traversal" on page 280 .

Interaction Between IPSec and PPP

PPP defines the Compression Control Protocol (CCP) and the Encryption Control Protocol
(ECP) modes. These modes are currently not supported in the E Series router. There is
no interaction related to encryption directives between IPSec and PPP.
Chapter 12: Securing L2TP and IP Tunnels with IPSec
279