Traffic Protection Using L2TP Tunneling Protocol Overview
Copyright © 2010, Juniper Networks, Inc.
Layer 2 Tunneling Protocol (L2TP) is another tunneling protocol used to transmit data
securely across the Internet. Because L2TP can transport Point-to-Point Protocol (PPP)
frames over IP, it is often used to:
- Establish PPP connections (for example, authenticate ADSL services using PPP for
  users with an ISP at the opposite side of a Telco IP/ATM network)
- Transmit non-IP protocols (for example, bridge Novell and other network protocols)
PPP can send IP datagrams over a serial link, and it is often used to enable dial-up users
to connect to their ISP and to the Internet. PPP authenticates username and password,
and assigns parameters such as IP address, IP gateway, and DNS. PPP can also tunnel
non-IP traffic across a serial link, such as Novell IPX or AppleTalk.
PPP is also useful because it can carry non-IP traffic and authenticate connections to
RADIUS servers. However, because PPP is not an IP protocol, Internet routers and switches
cannot route PPP packets. To route PPP packets, you use L2TP, which encapsulates
the PPP packet inside an Internet-routable UDP packet. L2TP VPNs support remote access
service users using Password Authentication Protocol (PAP) and Challenge Handshake
Authentication Protocol (CHAP) authentication.
Using L2TP over AutoKey IKE
L2TP only transmits packets; for encryption, authentication, or other data protection
services, you must further encapsulate the L2TP packet using AutoKey IKE.
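The lack of protection described above is visible when an L2TP data message is parsed directly: anything a sensor can decode this way was not wrapped by IKE/IPsec. The following is an added example, not part of the Juniper guide: a Python parser for the L2TPv2 header (field layout per RFC 2661) that identifies the PPP protocol inside and, for a PAP Authenticate-Request (RFC 1334), reads the peer ID straight from the packet. The sample packet and its values (tunnel 7, session 3, user alice) are constructed, and PPP protocol-field compression is assumed to be off.

```python
import struct

# PPP protocol numbers for the payload types discussed here, plus LCP
PPP_PROTOCOLS = {0x0021: "IPv4", 0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP"}

def parse_l2tp(udp_payload: bytes) -> dict:
    """Parse an L2TPv2 header and classify the PPP frame it carries."""
    try:
        (flags,) = struct.unpack_from("!H", udp_payload, 0)
        if flags & 0x000F != 2:
            raise ValueError("not an L2TP version 2 message")
        pos = 2
        if flags & 0x4000:                      # L bit: Length field present
            pos += 2
        tunnel_id, session_id = struct.unpack_from("!HH", udp_payload, pos)
        pos += 4
        if flags & 0x0800:                      # S bit: Ns and Nr present
            pos += 4
        if flags & 0x0200:                      # O bit: Offset Size plus padding
            (offset,) = struct.unpack_from("!H", udp_payload, pos)
            pos += 2 + offset
        info = {"control": bool(flags & 0x8000), "tunnel_id": tunnel_id,
                "session_id": session_id, "ppp": None, "pap_peer_id": None}
        if info["control"]:                     # T bit: AVPs follow, not PPP
            return info
        ppp = udp_payload[pos:]
        if ppp[:2] == b"\xff\x03":              # optional PPP address/control
            ppp = ppp[2:]
        (proto,) = struct.unpack_from("!H", ppp, 0)
    except struct.error as exc:
        raise ValueError("truncated L2TP message") from exc
    info["ppp"] = PPP_PROTOCOLS.get(proto, hex(proto))
    body = ppp[2:]
    # PAP Authenticate-Request: code 1, id, length(2), peer-id length, peer-id
    if proto == 0xC023 and len(body) > 4 and body[0] == 1:
        info["pap_peer_id"] = body[5:5 + body[4]].decode("ascii", "replace")
    return info

# Constructed sample: data message, tunnel 7, session 3, PAP request for "alice"
_PAP = b"\x01\x01" + struct.pack("!H", 18) + b"\x05alice" + b"\x07example"
SAMPLE = struct.pack("!HHHH", 0x4002, 30, 7, 3) + b"\xff\x03\xc0\x23" + _PAP

if __name__ == "__main__":
    print(parse_l2tp(SAMPLE))
```

A non-empty `pap_peer_id` on traffic captured outside the VPN gateway means PAP credentials crossed the network unencrypted, which is the case the AutoKey IKE encapsulation is meant to prevent.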
Related Documentation
- VPN Tunnel Types Overview on page 205
- Defining VPN Checklist Overview on page 207
- Traffic Protection Using IPsec Tunneling Protocol Overview on page 203
VPN Tunnel Types Overview
You can configure three types of VPN tunnels with NSM:
- Policy-based VPNs: The VPN tunnel is created and maintained only during the transfer
  of network traffic that matches a VPN rule, and it is torn down when the connection
  ends. Use policy-based VPNs when you want to encrypt and authenticate certain types
  of traffic between two VPN members.
- Route-based VPNs: The VPN tunnel is created when the route is defined and is
  maintained continuously. Use route-based VPNs when you want to encrypt and
  authenticate all traffic between two VPN members. You cannot add RAS users in a
  routing-mode VPN.
Chapter 7: Planning and Preparing VPNs