3com 3031 Instruccion De Instalación
Basic Networking Application of VPN
875
Tunnel implementation is regulated by protocols. Tunnel protocols can be divided
into layer 2 tunneling protocols and layer 3 tunneling protocols depending on the
layer of the OSI model at which the tunneling is implemented.
into layer 2 tunneling protocols and layer 3 tunneling protocols depending on the
layer of the OSI model at which the tunneling is implemented.
Layer 2 tunneling protocol
The Layer 2 tunneling protocol encapsulates the whole PPP frame in the internal
tunnel. The current layer 2 tunneling protocols include:
tunnel. The current layer 2 tunneling protocols include:
■
Point-to-Point Tunneling Protocol (PPTP): supported by Microsoft Corporation,
Lucent Technologies and 3Com Corporation, and supported in Windows NT
4.0 version and above. This protocol supports the tunneling encapsulation of
PPP protocols on IP networks. As a call control and management protocol, PPTP
adopts the enhanced Generic Routing Encapsulation (GRE) technique to
provide the encapsulation service of flow control and congestion control for
transmitted PPP packets.
Lucent Technologies and 3Com Corporation, and supported in Windows NT
4.0 version and above. This protocol supports the tunneling encapsulation of
PPP protocols on IP networks. As a call control and management protocol, PPTP
adopts the enhanced Generic Routing Encapsulation (GRE) technique to
provide the encapsulation service of flow control and congestion control for
transmitted PPP packets.
■
Layer 2 Forwarding Protocol (L2F): supports the tunneling encapsulation of
higher level protocols at the link layer and achieves the separation of dial-up
server and dial-up protocol connection.
higher level protocols at the link layer and achieves the separation of dial-up
server and dial-up protocol connection.
■
Layer 2 Tunneling Protocol (L2TP): drafted by IETF and aided by companies such
as Microsoft Corporation. It integrates the advantages of the above two
protocols, and is accepted by most enterprises as the standard RFC. L2TP
provides both dial-up VPN service and leased line VPN service.
as Microsoft Corporation. It integrates the advantages of the above two
protocols, and is accepted by most enterprises as the standard RFC. L2TP
provides both dial-up VPN service and leased line VPN service.
Layer 3 tunneling protocol
Layer 3 tunneling protocol starts from and ends in the ISP. PPP session ends at the
NAS and only layer 3 messages are carried over the tunnel. The current layer 3
tunneling protocols include:
NAS and only layer 3 messages are carried over the tunnel. The current layer 3
tunneling protocols include:
■
General Routing Encapsulation (GRE) protocol: used to implement the
encapsulation of any network layer protocol on another network layer
protocol.
encapsulation of any network layer protocol on another network layer
protocol.
■
IP Security (IPSec) protocols: The IPSec protocol is composed of multiple
protocols, such as Authentication Header (AH), Encapsulating Security Payload
(ESP), Internet Key Exchange (IKE). They build a complete data security
architecture on IP networks.
protocols, such as Authentication Header (AH), Encapsulating Security Payload
(ESP), Internet Key Exchange (IKE). They build a complete data security
architecture on IP networks.
GRE and IPSec are mainly used for VPN leased line services.
IPSec including IPSec VPN is only available through Extended V2.00 software.
Comparison of layer 2 and layer 3 tunnel protocols
Compared with layer 2 tunneling protocol, the advantages of layer 3 tunneling
protocol are its security, scalability and reliability.
protocol are its security, scalability and reliability.
In terms of security, a layer 3 tunnel usually ends at an ISP gateway and does not
impose any threat to the security of the user's network. However, because a layer
2 tunnel usually ends on the equipment at the user side, there is a high demand
for security and firewall technology over a user network.
impose any threat to the security of the user's network. However, because a layer
2 tunnel usually ends on the equipment at the user side, there is a high demand
for security and firewall technology over a user network.
In terms of scalability, transmission efficiency may be degraded on a Layer 2 IP
tunnel because all the PPP frames are encapsulated. In addition, the PPP session
runs through the entire tunnel and ends at the customer premise equipment. This
requires a large amount of PPP session status and information stored in the user
tunnel because all the PPP frames are encapsulated. In addition, the PPP session
runs through the entire tunnel and ends at the customer premise equipment. This
requires a large amount of PPP session status and information stored in the user