VPN Tunneling Encapsulation Questions?
I was hoping someone might be able to clear up a few questions I have re: VPN & tunneling protocols. The TechExam notes say PPTP encapsulates PPP. When referring to VPNs, is it just assumed that PPP is present & is encapsulated (by PPTP or L2TP for example)? Would this be an accurate example of how encapsulated layers might look over a VPN? 1) IPX is the first encapsulated protocol, 2) PPP wraps around IPX, 3) L2TP & IPSEC combined wrap around PPP, 4) IP encapsulates the first three layers & acts as the carrier protocol? I get the impression that IPSEC isn't really a tunneling protocol & doesn't encapsulate PPTP or L2TP. Instead, it just enhances PPTP/L2TP security (i.e. you couldn't use only PPP & IPSEC, right)?
Comments
-
skrpune Member Posts: 1,409
As far as I can tell, PPP is involved in dial up networking, while PPTP is used for creating VPNs. Some of the notes I have indicate that PPTP is just a tunneling version of PPP and that L2TP is an "extended" version of PPP.
I'm pretty sure that there's no PPP encapsulation involved if you've got L2TP or PPTP. Here's a breakdown of what I show for the VPN encryption protocols:
- IPSec: works at layer 3; encrypts & authenticates; used in VPNs...but not used to create a VPN as far as I can tell
- L2TP: supports non TCP/IP protocol VPNs; can connect router-to-router, client-to-RAS, router-to-RAS; extension of PPP
- PPTP: encryption protocol; creates secure VPN tunnel; encapsulation; supports TCP/IP, IPX/SPX, NetBEUI, AppleTalk
Now as for PPP, I show it as being a layer 2 protocol supporting DHCP, IP, IPX, NetBEUI & AppleTalk.
Currently Studying For: Nothing (cert-wise, anyway)
Next Up: Security+, 291?
Enrolled in Masters program: CS 2011 expected completion -
dynamik Banned Posts: 12,312
skrpune wrote: as far as I can tell, PPP is involved in dial up networking, while PPTP is used for creating VPNs. Some of the notes I have indicate that PPTP is just a tunneling version of PPP and that L2TP is an "extended" version of PPP.
It looks like PPTP actually tunnels PPP. PPP is also used for WAN links (i.e. two sites with a point-to-point T1). I actually thought like you did, that PPTP was a tunneling variant of PPP, but the RFC says otherwise: http://tools.ietf.org/html/rfc2637
skrpune wrote: I'm pretty sure that there's no PPP encapsulation involved if you've got L2TP or PPTP.
Looks like they both do. Check the Wikipedia (and subsequent RFCs if you're really bored) links below.
skrpune wrote: Here's a breakdown of what I show for the VPN encryption protocols:
- IPSec: works at layer 3; encrypts & authenticates; used in VPNs...but not used to create a VPN as far as I can tell
- L2TP: supports non TCP/IP protocol VPNs; can connect router-to-router, client-to-RAS, router-to-RAS; extension of PPP
- PPTP: encryption protocol; creates secure VPN tunnel; encapsulation; supports TCP/IP, IPX/SPX, NetBEUI, AppleTalk
Now as for PPP, I show it as being a layer 2 protocol supporting DHCP, IP, IPX, NetBEUI & AppleTalk.
I don't know if I'd consider IPsec exclusively a layer-3 protocol. I've seen the same references you've no doubt looked at, and I'm a bit confused. It seems like AH, ESP, IKE, etc. which are part of the IPsec protocol suite would function at layers 5 and 6 as well. Maybe those are considered separately...
See this thread for related information and my comment about IPsec tunnels: http://techexams.net/forums/viewtopic.php?t=40830
More general info:
http://en.wikipedia.org/wiki/Point-to-point_tunneling_protocol
http://en.wikipedia.org/wiki/Ipsec
http://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol -
skrpune Member Posts: 1,409
well, poopsicles, thought I understood VPN & the protocols. Thanks for the clarification & info & links dynamik, I'll add those to my things to review before the test...
-
malcybood Member Posts: 900
jeffslaw wrote: When referring to VPNs, is it just assumed that PPP is present & is encapsulated (by PPTP or L2TP for example)?
Yes, PPTP and L2TP are VPN tunneling protocols related to the PPP model.
PPTP is typically a dial up connection and the protocol that allows IP communication over a point to point link over a PSTN or ISDN circuit switched network. So an example of this is dialing up over an ISDN or analog modem line on your PC and connecting directly to a network access server in a HQ building to gain access to the corporate network.
L2TP is slightly different. L2TP is a means of enabling end points i.e. modems, routers etc to make the same access connection to the network access server over a packet switched IP network.
An example of this would be an ADSL connection where your ADSL modem as opposed to dialling directly into the network access server in head office over a phone or ISDN line, it dials into some kind of concentrator such as an ADSL multiplexor (or MUX for short). The MUX then tunnels PPP packets to the network access server over an IP network i.e. the internet or frame relay etc.
This allows you to cut out the long distance costs of connecting over a dial up connection.
jeffslaw wrote: I get the impression that IPSEC isn't really a tunneling protocol & doesn't encapsulate PPTP or L2TP. Instead, it just enhances PPTP/L2TP security (i.e. you couldn't use only PPP & IPSEC, right)?
IPSec fits into the above as follows.
IPSec AH/ESP is a security protocol that operates at layer 3 and only carries IP traffic not PPP.
It is not a tunneling protocol but operates under "tunnel mode" where one or both devices act as a security gateway (for example VPN concentrator or firewall). AH and ESP security protocols are used for authentication and integrity. AH doesn't handle encryption but ESP does.
IPSec tunnels use Internet Key Exchange (IKE) negotiation for setting up the tunnel by sending ISAKMP messages.
I'd encourage you to also check out some of the links the other guys have posted to the RFC documents.
Hope this helps
Malc -
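The layering asked about in this thread can be checked against the actual header fields. The following is an added example, not part of any post above: it walks constructed sample packets and lists their layers outermost first, using the PPTP data-channel (RFC 2637) and L2TP (RFC 2661) header layouts. The helper names `layers`, `ppp` and `ipv4`, the addresses and the call/tunnel IDs are assumptions made for illustration.

```python
import struct

PPP_PROTOCOLS = {0x0021: "IPv4", 0x002B: "IPX", 0xC021: "LCP"}

def ppp(frame):
    """Name the protocol inside a PPP frame (FF 03 address/control is optional)."""
    if frame[:2] == b"\xff\x03":
        frame = frame[2:]
    proto = struct.unpack("!H", frame[:2])[0]
    return ["PPP", PPP_PROTOCOLS.get(proto, hex(proto))]

def layers(pkt):
    """List the encapsulation layers of an IPv4 packet, outermost first."""
    proto, body = pkt[9], pkt[(pkt[0] & 0x0F) * 4:]
    if proto == 47:                       # GRE: the PPTP data channel (RFC 2637)
        ptype = struct.unpack("!H", body[2:4])[0]
        if body[1] & 0x07 != 1 or ptype != 0x880B:
            return ["IP", "GRE (not PPTP)"]
        # 8 fixed bytes, then optional sequence (S bit) and ack (A bit) numbers
        off = 8 + (4 if body[0] & 0x10 else 0) + (4 if body[1] & 0x80 else 0)
        return ["IP", "GRE v1"] + ppp(body[off:])
    if proto == 17:                       # UDP; L2TP uses port 1701 (RFC 2661)
        if 1701 not in struct.unpack("!HH", body[:4]):
            return ["IP", "UDP"]
        l2tp = body[8:]
        bits = struct.unpack("!H", l2tp[:2])[0]
        if bits & 0x8000:                 # T bit set: control message, no PPP
            return ["IP", "UDP/1701", "L2TP control"]
        off = 6 + (2 if bits & 0x4000 else 0) + (4 if bits & 0x0800 else 0)
        if bits & 0x0200:                 # O bit: offset size field plus padding
            off += 2 + struct.unpack("!H", l2tp[off:off + 2])[0]
        return ["IP", "UDP/1701", "L2TP"] + ppp(l2tp[off:])
    if proto == 50:                       # ESP: whatever it carries is encrypted
        return ["IP", "ESP", "(encrypted)"]
    return ["IP", f"proto {proto}"]

def ipv4(proto, payload):
    """Constructed 20-byte IPv4 header (checksum left at 0) around payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload

# Constructed samples: a PPP frame whose protocol field says IPX, then carriers.
PPP_IPX = b"\xff\x03\x00\x2b" + b"\xff\xff" + bytes(28)
PPTP = ipv4(47, struct.pack("!BBHHHI", 0x30, 0x01, 0x880B, len(PPP_IPX), 7, 1) + PPP_IPX)
L2TP = ipv4(17, struct.pack("!HHHH", 1701, 1701, 14 + len(PPP_IPX), 0)
            + struct.pack("!HHH", 0x0002, 1, 1) + PPP_IPX)
ESP = ipv4(50, struct.pack("!II", 0x1000, 1) + bytes(48))

for name, pkt in (("PPTP", PPTP), ("L2TP", L2TP), ("ESP", ESP)):
    print(f"{name:5}", " > ".join(layers(pkt)))
```

An observer sees only IP and ESP for the third packet; in L2TP/IPsec the UDP/1701, L2TP and PPP layers sit inside that encrypted payload.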
dynamik Banned Posts: 12,312
skrpune wrote: well, poopsicles, thought I understood VPN & the protocols. Thanks for the clarification & info & links dynamik, I'll add those to my things to review before the test...
You seem to have a good handle on things. Don't worry about mastering every little detail. There's only a few people here who are at that level (I'm NOT one of them), and the most important thing when you're getting started is to simply learn each technology's capabilities and limitations, and to develop a general understanding of how things work behind-the-scenes. You'll continue to pick up little details from that point on. And to be honest, I did spend a little time reviewing the details before I responded. -
skrpune Member Posts: 1,409
dynamik wrote:
skrpune wrote: well, poopsicles, thought I understood VPN & the protocols. Thanks for the clarification & info & links dynamik, I'll add those to my things to review before the test...
You seem to have a good handle on things. Don't worry about mastering every little detail. There's only a few people here who are at that level (I'm NOT one of them), and the most important thing when you're getting started is to simply learn each technology's capabilities and limitations, and to develop a general understanding of how things work behind-the-scenes. You'll continue to pick up little details from that point on. And to be honest, I did spend a little time reviewing the details before I responded.
I think for the time being I'll take your advice & focus on the basic characteristics of the protocols/VPNs and bookmark this page & the links for future reading after the test. I'd love to learn more about security protocols, and it seems like the N+ exam just barely skims the surface. Maybe I'll put Security+ on my list of certs...
-
aordal Member Posts: 372
When I was learning VPNs for N+ I found this link extremely helpful.
http://computer.howstuffworks.com/vpn.htm
Check it out. -
skrpune Member Posts: 1,409
aordal wrote: When I was learning VPNs for N+ I found this link extremely helpful.
http://computer.howstuffworks.com/vpn.htm
Check it out.
-
tdempsey Member Posts: 28
Is to pick up a used Linksys BEFVP41 router off eBay and create a VPN gateway for your home network, then try connecting to it from outside using the Greenbow or other VPN client installed on a laptop. You might have to do some tweaking of your DSL/cable modem initially but these things are usually pretty well documented. What you learn about IPSec is 100% transferrable to enterprise IPSec connectivity. It works exactly the same just on a larger scale. Looks like the industry is making a strong move to SSL based VPNs though (except for site to site).