From: Phillip Windell on 21 Dec 2009 10:08

"Bill Grant" <not.available(a)online> wrote in message
news:uMOaD0PgKHA.1112(a)TK2MSFTNGP04.phx.gbl...
>
> I would say that PPTP maintains its popularity with small to medium
> sized organisations because it does not require certificates. If you have
> an established certificate system in your organisation (and a person
> capable of maintaining it), L2TP is the obvious choice.

Could use a pre-shared key for the L2TP which is about like using a
password. However I just use PPTP being the small to medium size kinda guy
that I am :-)

--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
From: karthikbalaguru on 21 Dec 2009 19:13

On Dec 20, 2:54 pm, Rob <nom...(a)example.com> wrote:
> karthikbalaguru <karthikbalagur...(a)gmail.com> wrote:
> > On Dec 19, 10:22 pm, "Bob Lin (MS-MVP)" <nore...(a)chicagotech.net>
> > wrote:
> >> IPSec and PPTP are more popular. PPTP is used for client to server.
> >> IPSec can be used as client to server or site to site VPN. This search
> >> result may help.
> >
> > Thx for your response. But it seems that PPTP can support only one
> > tunnel at a time for each user. Therefore, its proposed successor,
> > L2TP (a hybrid of PPTP and another protocol, L2F) can support
> > multiple, simultaneous tunnels for each user.
> >
> > So, shouldn't L2TP be popular ?
>
> I think you should know that "what is popular" is not determined by
> what can do most, what is technically superior and other such reasons
> that you run in to when you do a comparison of VPN technologies as
> a technician.
>
> What is popular is determined by what sells best, or what is part of
> something that already sells best. When it can do the job, it is used.
>

Yes, that is true. Agreed :-)
Thinking on the similar lines, another query popped
up in my mind. In the case of L2TP, is it mandatory
that in the 'voluntary tunnel mode', the tunnel should
end at the remote client and in the 'compulsory
tunnel mode', the tunnel should end at the ISP ?

Are there no other scenarios with other endpoints ?

Thx in advans,
Karthik Balaguru

From: karthikbalaguru on 21 Dec 2009 19:52

On Dec 22, 5:13 am, karthikbalaguru <karthikbalagur...(a)gmail.com> wrote:
> On Dec 20, 2:54 pm, Rob <nom...(a)example.com> wrote:
> > karthikbalaguru <karthikbalagur...(a)gmail.com> wrote:
> > > On Dec 19, 10:22 pm, "Bob Lin (MS-MVP)" <nore...(a)chicagotech.net>
> > > wrote:
> > >> IPSec and PPTP are more popular. PPTP is used for client to server.
> > >> IPSec can be used as client to server or site to site VPN. This search
> > >> result may help.
> > >
> > > Thx for your response. But it seems that PPTP can support only one
> > > tunnel at a time for each user. Therefore, its proposed successor,
> > > L2TP (a hybrid of PPTP and another protocol, L2F) can support
> > > multiple, simultaneous tunnels for each user.
> > >
> > > So, shouldn't L2TP be popular ?
> >
> > I think you should know that "what is popular" is not determined by
> > what can do most, what is technically superior and other such reasons
> > that you run in to when you do a comparison of VPN technologies as
> > a technician.
> >
> > What is popular is determined by what sells best, or what is part of
> > something that already sells best. When it can do the job, it is used.
>
> Yes, that is true. Agreed :-)
> Thinking on the similar lines, another query popped
> up in my mind. In the case of L2TP, is it mandatory
> that in the 'voluntary tunnel mode', the tunnel should
> end at the remote client and in the 'compulsory
> tunnel mode', the tunnel should end at the ISP ?
>
> Are there no other scenarios with other endpoints ?
>

The 'Tunneling models' section in the below link clarifies it.
http://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol

Lemme know if there are other scenarios apart from
those mentioned in the above link.

Thx,
Karthik Balaguru

From: Stefan Monnier on 2 Jan 2010 15:46

> IPSEC is very widely used for infrastructure VPNs and is not
> proprietary. Cisco interoperates with Checkpoint interoperates with
> Draytek interoperates with OpenVPN ....... Never found a problem in
> dozens of cases.

In which sense do they "interoperate"?

> OpenVPN is proprietary and will not work with a Draytek router.

In which sense is OpenVPN proprietary?

> If you do not, setting up and maintaining this simply to support a few
> dialup VPN clients is a big ask. Making a few changes to your firewall for
> GRE is pretty minor by comparison.

I went to the trouble of setting up a personal OpenVPN server (and
corresponding clients) specifically because of the endless problems I had
with firewalls when using PPTP (and I don't know about other people, but
I can't make any change to most of the firewalls to which I'm exposed; and
even when I could I still had problems when several machines within the
same NAT subnet tried to use the same VPN).

Stefan

From: alexd on 3 Jan 2010 15:36

Meanwhile, at the comp.dcom.sys.cisco Job Justification Hearings, Stefan
Monnier chose the tried and tested strategy of:

>> IPSEC is very widely used for infrastructure VPNs and is not
>> proprietary. Cisco interoperates with Checkpoint interoperates with
>> Draytek interoperates with OpenVPN ....... Never found a problem in
>> dozens of cases.
>
> In which sense do they "interoperate"?

Which 'they' are you referring to?

>> OpenVPN is proprietary and will not work with a Draytek router.
>
> In which sense is OpenVPN proprietary?

There's only one implementation of the OpenVPN protocol [that I know of -
recompiling for different platforms and writing pretty front ends don't
count as reimplementations in my book]. OpenVPN Solutions LLC [the copyright
holder] are therefore in a position to dictate what the OpenVPN protocol
consists of, for example, changing the default UDP port. Anyone can take the
source and extend it in ways that make it incompatible with OpenVPN, at
which point it's no longer OpenVPN.

--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm(a)ale.cx)
20:09:39 up 37 days, 4 min, 5 users, load average: 0.00, 0.02, 0.05
DIMENSION-CONTROLLING FORT DOH HAS NOW BEEN DEMOLISHED,
AND TIME STARTED FLOWING REVERSELY