what is a layer 2 vpn

carl_townshend · ‎07-18-2006

what exactly is one of these ? i have never heard of it, are they all layer 2 ?

desai.jaideep · ‎07-18-2006

Hi

(1)Layer 2 Tunneling Protocol (L2TP) is a subset of PPP(Point-to-point) protocol.

(2)The basic use of it is enabling layer 2 communication over IP(Layer 3)

(3)The advantage is that, in general routing enviroment, all the communication is done on layer 3.If you want transparent network between your tunnels.You have to implement L2 communication, so that the dial-in users have all the access to the network.

(4) http://www.cisco.com/en/US/netsol/ns588/networking_solutions_white_paper09186a00800a8444.shtml

Hope it helps.

Regards

JD

carl_townshend · ‎07-18-2006

does that mean you can have the same subnet both ends of the tunnel ? as its layer 2, what exactly does it allow for ?

desai.jaideep · ‎07-18-2006

Hi

Of Course.That protocol is made for that only.It allows everything on Layer 2.

It would be helpful if you will elobrate on the "as its layer 2, what exactly does it allow for ?"

Regards

JD

carl_townshend · ‎07-18-2006

Hi there, What I wanted to know basically, is why is it layer 2, does that mean if I had a subnet on one end say 192.168.10.0 and the same on the other end, it would behave like a switch similar to a lan extension, but also do people normally assign a different ip at the end of the vpn ?

desai.jaideep · ‎07-18-2006

Hi

The answer is yes.If u are having a pool of 192.168.1.0/24 and you have a VPN dial-in user having IP 192.168.1.200.He will be able to communicate with the LAN.

Below are some of excerpts from L2TP questionnire.

"Q. What is Layer 3 tunneling?

A. Layer 3 tunneling is not a new technology. Generic Routing Encapsulation (GRE) with RFC 1701 has existed for a long time. Cisco has offered this tunneling technology since Cisco IOS software version 9.21. IPSec is the new IETF standard for encryption and encrypted tunnel. Cisco is providing IPSec in Cisco IOS software version 11.3(3)T and later. Cisco is providing Mobile IP in Cisco IOS version 12.0(1)T.

Q. What is the difference between Layer 2 and Layer 3 tunneling?

A. Layer 2 leverages existing PPP technologies such as NCP and access-authentication protocols. Layer 3 loses much of this by recreating the NCP as Layer 3 tunnel endpoints within the customer network. Layer 2 does not require additional special IP software for end users, corporation, and ISP. The Layer 3 solutions require an IP substrate shared between the Corporation and the ISP. In terms of security, user authentication and tunnel authentication features in Layer two tunneling provide better resistance against hackers. In some Layer 3 solutions, authentication is done only at the SP. This solution may pose a security risk for the corporation. The emerging standard for Layer 2 tunneling protocol is L2TP.

Q. Why is Cisco pushing for Layer 2 tunneling instead of Layer 3 tunneling?

A. Cisco is providing both Layer 2 and Layer 3 tunneling solutions. Cisco does not favor one type over the other. Layer 2 tunneling is primarily an Access VPN solution while Layer 3 tunneling provides support for intranet and extranet VPNs between branch offices and a corporate headquarters. Layer 3 tunneling may also make sense in some of the Access VPN implementations such as client-initiated tunnel mode and Internet wholesale access solutions."