Stewart Bryant wrote:
W. Mark Townsley wrote:
Rohit Gupta wrote:
Hi,
What is it in L2TP that I can't do with simple GRE tunneling when implementing a remote access VPN for a mobile client to connect to the corporate network? In L2TP, since it uses PPP end-to-end, the LNS is able to supply a dynamic IP address using IPCP to the remote client. The LNS takes this IP address from a pool of IP addresses it has. If one were to use GRE, then the same can be done by using some out-of-band mechanism (or even have a fixed IP address which the mobile client is instructed to use). GRE will tunnel the data packet originated from the mobile client; the inner IP header will have the IP addresses as assigned by the corporate network. The outer IP header will contain the IP address of the ISP and the gateway to reach the corporate network.
GRE is an encapsulation. If you can manually provision or have some
other "out of band" mechanism that does everything L2TP and PPP would
otherwise do for you, then by all means use GRE - or IP in IP for that
matter as your scenario with fixed IP addresses for all mobile clients
(which I would think is a showstopper from the start) does not obviate
the need for a GRE shim either.
L2TP is an encapsulation that allows multiplexing of multiple PPP
sessions between two IP-connected endpoints, and a control protocol
for dynamically establishing and maintaining the emulation of these
PPP sessions. This is very different than GRE (though there are some
ways to deploy L2TP between two routers to make it look like it is
doing what GRE typically does in a bit more of a dynamic manner,
though this is really a subset of L2TP's overall functionality).
Since you indicate that this is for a mobile environment, you might
want to look at using Mobile IP.
My whole point is that I want to know as to what is the burning need to have L2TP!
This question probably has more to do with whether you need PPP. If
you do, L2TP could work for you to transport that PPP session (or many
PPP sessions) over an IP network. If not, I see no reason for you to
be burning with need for L2TP!
- Mark
Mark
I think that the correct comparison in Rohit's case is not
between L2TP and GRE, but between L2TPv3 and GRE. As we both
know L2TPv3 is better suited to VPN apps than GRE because of
its highly functional control plane, and mild security
enhancements.
I was under the impression during this thread that Rohit was referring to L2TP as defined in RFC2661, not L2TPv3 (currently draft-ietf-l2tpext-l2tp-base-11.txt) which is certainly not so closely tied to PPP.
Thanks,
- Mark
- Stewart
Regards,
Rohit
P.S.
I am not sure if this is indeed the right place to ask this question. But since there will be a lot of experienced people on this list who would have worked on both these protocols, replying to this one should be very easy.