L2TP question

Hi, most of the information on L2TP I find (especially RFCs) mentions the following situation: a client dials up to an ISP and then, after PPP authentication (username/pw) and authorisation (yes, you have paid my bill! to connect to the internet), the LAC (L2TP Access Concentrator) initiates the L2TP tunnel to the desired endpoint (the remote LAN I want to connect to).

Somewhat clear! But I come to the conclusion that I have to ask my ISP whether his dial-in device supports those L2TP capabilities anyhow ... Am I right in principle? (you must not mention some worldwide adopted standards here)

user --------- LAC ========== NAS (remote)
        ppp           L2TP

On a Cisco site I found out that some "able" routers do support L2TP on the user's site (before invoking the ISP's LAC), so that the L2TP tunnel starts at the user's router (passing the ISP's LAC nothing doing).

user (router) ====== (LAC?) ======== NAS (remote)
-------- dial-in
L2TP over ppp                L2TP over IP Cloud

which seems likely to be the same as a VPN connection from a (Windows) client, where you set up a normal (PPP) dial-in connection, and on top of that you run your L2TP (which I assume runs above PPP until the ISP's device and is then unpacked to IP and released into the internet cloud).

Can anyone point me to some information for the second mode, or both, or a "good" point to read? thanx jk

Juergen Kluth

One thing that seems to be missing in your diagrams is the Home Gateway (LNS) that will terminate the L2TP tunnel on the remote network.

There's not much point in the ISP initiating the tunnel at their LAC if there's not something at the remote network end to terminate that tunnel...

At this point, the ISP isn't doing anything for you. It's all between your LAC (i.e. L2TP over IPsec is the normal mode, or PPTP) and the remote LNS. The ISP is just providing you IP connectivity to get to your LNS.

The Cisco docs on L2TP are really good. So is the Wikipedia article, as it branches off to source material.

Doug McIntyre

Hi, at first thanx.

You are right, I forgot the LNS. But again: if I would or would have to work with this config:

- Must I ask in this case whether the ISP has a "LAC" capable device (normally I would assume a DSLAM or else for the endpoint of my dial-up connection) to create a tunnel to "my" LNS?

- "My" LNS, must this be connected by a fixed / leased line? Or must it just typically have a constant IP address?

regards jk

Juergen Kluth

Not sure what the question is here. In this model of you connecting to an ISP, and the ISP auto-tunneling your traffic, yes, the ISP would have to have a RAS/BRAS device capable of being an L2TP LAC. That in turn would identify your clients dialing in and auto-starting the tunnel for that user to the LNS.

It can be anywhere you have IP connectivity to. Policies of the service the ISP offering you L2TP services may dictate what they consider reasonable for connection back to your LNS. The L2TP tunnelling all happens on the layer-3 IP layer though.

A fixed IP address is pretty much a given for the LNS end.

The other model you originally mentioned last in your first post, with an onsite CPE user device being a LAC to initiate the tunnel across the Net, doesn't require the ISP's involvement in any fashion whatsoever.

Doug McIntyre


Your answer confirms what I am starting to think about what I have read the last hours (formatting link ~ page 177 and on). I want to dig into VPN ... and started with RFC (?). There (in the RFC) almost is the LAC-at-ISP configuration described, and I asked myself what I would have to do (call my ISP?). Seems to be "compulsory tunnel". Maybe this config is of "earlier times", or has some special features (like dedicated bandwidth with tunnel over ATM, or has some security advantages (?)). I feel very sure this was a "product one could buy from his ISP".

The other, "voluntary tunnel", was in my focus, because from my eye I am a theoretical remote user with DSL (PPPoE connection to ISP), but this isn't easy to find in the RFC. And at least the Windows client is able to connect via L2TP (has the LAC in it, I think).

still at the very surface ... Thanx + regards jk


Juergen Kluth


L2TP quick flash tutorial:

formatting link
