Network and Security Manager Administration Guide
Choosing a VPN Tunnel Type
Using L2TP
Layer 2 Tunneling Protocol (L2TP) is another tunneling protocol used to transmit data securely across the Internet. Because L2TP can transport Point-to-Point Protocol (PPP) frames over IP, it is often used to:
Establish PPP connections (example: authenticate ADSL services using PPP for users with an ISP at the opposite side of a Telco IP/ATM network)
Transmit non-IP protocols (example: bridge Novell and other network protocols)
PPP can send IP datagrams over a serial link, and is often used to enable dial-up users to connect to their ISP and to the Internet. PPP authenticates the username and password, and assigns parameters such as the IP address, IP gateway, and DNS servers. PPP can also tunnel non-IP traffic across a serial link, such as Novell IPX or AppleTalk.
PPP is also useful because it can carry non-IP traffic and authenticate connections to RADIUS servers. However, because PPP is not an IP protocol, Internet routers and switches cannot route PPP packets. To route PPP packets, you use L2TP, which encapsulates the PPP packet inside an Internet-routable UDP packet. L2TP VPNs support remote access service (RAS) users using Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) authentication.
Using L2TP Over AutoKey IKE
L2TP only transmits packets; for encryption, authentication, or other data protection
services, you must further encapsulate the L2TP packet using AutoKey IKE.
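The encapsulation described above, as an added example (not code from the NSM guide or from Juniper): this Python script wraps a constructed IPv4 datagram in a PPP frame and an L2TPv2 data-message header (RFC 2661) as it would travel in the UDP payload, then parses it back. The tunnel and session IDs, addresses and application data are constructed sample values.

```python
import struct

L2TP_UDP_PORT = 1701        # IANA port for L2TP; the L2TP message is the UDP payload
L2TP_VERSION = 2            # L2TPv2 (RFC 2661), low 4 bits of the flags word
FLAG_T, FLAG_L, FLAG_S, FLAG_O = 0x8000, 0x4000, 0x0800, 0x0200
PPP_PROTO_IPV4 = 0x0021     # PPP protocol number carried in the PPP frame header

def build_sample_ipv4(payload: bytes) -> bytes:
    """Constructed IPv4 datagram (10.0.0.1 -> 10.0.0.2, UDP) with a zero checksum
    placeholder; it only exists to have something realistic to tunnel."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                       64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + payload

def l2tp_encapsulate(ip_datagram, tunnel_id, session_id, ns=0, nr=0):
    """PPP frame (HDLC address/control + protocol) inside an L2TPv2 data message."""
    ppp = b"\xff\x03" + struct.pack("!H", PPP_PROTO_IPV4) + ip_datagram
    flags = FLAG_L | FLAG_S | L2TP_VERSION              # data msg, length + sequence present
    total = 12 + len(ppp)                               # 6 header fields x 2 bytes
    return struct.pack("!HHHHHH", flags, total, tunnel_id, session_id, ns, nr) + ppp

def l2tp_decapsulate(udp_payload):
    """Parse the data-message header and return the inner PPP protocol and payload."""
    (flags,) = struct.unpack_from("!H", udp_payload, 0)
    if (flags & 0x000F) != L2TP_VERSION:
        raise ValueError("not L2TPv2")
    if flags & FLAG_T:
        raise ValueError("control message, not a data message")
    pos = 2
    if flags & FLAG_L:
        (length,) = struct.unpack_from("!H", udp_payload, pos); pos += 2
        if length != len(udp_payload):
            raise ValueError("length field disagrees with packet size")
    tunnel_id, session_id = struct.unpack_from("!HH", udp_payload, pos); pos += 4
    ns = nr = None
    if flags & FLAG_S:
        ns, nr = struct.unpack_from("!HH", udp_payload, pos); pos += 4
    if flags & FLAG_O:                                   # offset size + padding
        (off,) = struct.unpack_from("!H", udp_payload, pos); pos += 2 + off
    ppp = udp_payload[pos:]
    if ppp[:2] == b"\xff\x03":                           # address/control may be omitted
        ppp = ppp[2:]
    (proto,) = struct.unpack_from("!H", ppp, 0)
    return {"tunnel_id": tunnel_id, "session_id": session_id, "ns": ns, "nr": nr,
            "ppp_protocol": proto, "payload": ppp[2:]}

if __name__ == "__main__":
    dgram = build_sample_ipv4(b"constructed app data")
    wire = l2tp_encapsulate(dgram, tunnel_id=7, session_id=42, ns=1, nr=0)
    inner = l2tp_decapsulate(wire)
    print(inner["ppp_protocol"] == PPP_PROTO_IPV4, inner["payload"] == dgram, dgram in wire)
```

The last check shows why the guide requires AutoKey IKE on top of L2TP: the inner datagram appears verbatim inside the UDP payload, so anyone on the path can read it unless the L2TP packet is itself protected by IPsec.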
You can configure three types of VPN tunnels with NSM:
Policy-based VPNs—The VPN tunnel is created and maintained only during the transfer of network traffic that matches a VPN rule, and is torn down when the connection ends. Use policy-based VPNs when you want to encrypt and authenticate certain types of traffic between two VPN members.
Route-based VPNs—The VPN tunnel is created when the route is defined and is maintained continuously. Use route-based VPNs when you want to encrypt and authenticate all traffic between two VPN members. You cannot add RAS users in a routing-mode VPN.
Mixed-mode VPNs—A mixed-mode VPN connects policy-based VPNs to route-based VPNs. You cannot add RAS users in a mixed-mode VPN.
The following sections detail the policy-based and route-based VPN types.
About Policy-Based VPNs
A policy-based VPN tunnels traffic between two security devices or between one security device and a remote user. Each time a security device detects traffic that matches the from zone, source, to zone, destination, and service in the VPN rule, it creates the VPN tunnel to encrypt, authenticate, and send the data to the specified destination. When no traffic matches the VPN rule, the firewall tears down the VPN tunnel.
Copyright © 2010, Juniper Networks, Inc.