W. Mark Townsley wrote:
Rohit Gupta wrote:
Hi,

What is it in L2TP that I can't do with a simple GRE tunneling when
implementing a remote access VPN for a mobile client to connect to the
corporate network? In L2TP, since it uses PPP end-to-end, the LNS is
able to supply dynamic IP address using IPCP to the remote client. LNS
takes this IP address from a pool of IP addresses it has. If one were
to use GRE, then the same can be done by using some out-of-band
mechanism (or even have a fixed IP address which the mobile client is
instructed to use). GRE will tunnel the data packet originated from the
mobile client, the inner IP header will have the IP addresses as
assigned by the corporate network. The outer IP header will contain the
IP address of the ISP and the gateway to reach the corporate network.

GRE is an encapsulation. If you can manually provision or have some
other "out of band" mechanism that does everything L2TP and PPP would
otherwise do for you, then by all means use GRE - or IP in IP for that
matter as your scenario with fixed IP addresses for all mobile clients
(which I would think is a showstopper from the start) does not obviate
the need for a GRE shim either.

L2TP is an encapsulation that allows multiplexing of multiple PPP
sessions between two IP-connected endpoints, and a control protocol for
dynamically establishing and maintaining the emulation of these PPP
sessions. This is very different than GRE (though there are some ways to
deploy L2TP between two routers to make it look like it is doing what
GRE typically does in a bit more of a dynamic manner, though this is
really a subset of L2TP's overall functionality).

Since you indicate that this is for a mobile environment, you might want
to look at using Mobile IP.

My whole point is that I want to know as to what is the burning need
to have L2TP!
This question probably has more to do with whether you need PPP. If you
do, L2TP could work for you to transport that PPP session (or many PPP
sessions) over an IP network. If not, I see no reason for you to be
burning with need for L2TP!
- Mark
Mark
I think that the correct comparison in Rohit's case is not
between L2TP and GRE, but between L2TPv3 and GRE. As we both
know L2TPv3 is better suited to VPN apps than GRE because of
its highly functional control plane, and mild security
enhancements.
- Stewart
Regards,
Rohit
P.S.
Am not sure if this is indeed the right place to ask this question. But
since there will be a lot of experienced people on this list who would
have worked on both these protocols, replying to this one should be very
easy.