RFC 3193 (rfc3193) - Page 2 of 28
Securing L2TP using IPsec
RFC 3193                 Securing L2TP using IPsec           November 2001

Table of Contents

   1. Introduction .................................................. 2
   1.1 Terminology .................................................. 3
   1.2 Requirements language ........................................ 3
   2. L2TP security requirements .................................... 4
   2.1 L2TP security protocol ....................................... 5
   2.2 Stateless compression and encryption ......................... 5
   3. L2TP/IPsec inter-operability guidelines ....................... 6
   3.1. L2TP tunnel and Phase 1 and 2 SA teardown ................... 6
   3.2. Fragmentation Issues ........................................ 6
   3.3. Per-packet security checks .................................. 7
   4. IPsec Filtering details when protecting L2TP .................. 7
   4.1. IKE Phase 1 Negotiations .................................... 8
   4.2. IKE Phase 2 Negotiations .................................... 8
   5. Security Considerations ....................................... 15
   5.1 Authentication issues ........................................ 15
   5.2 IPsec and PPP interactions ................................... 18
   6. References .................................................... 21
   Acknowledgments .................................................. 22
   Authors' Addresses ............................................... 23
   Appendix A: Example IPsec Filter sets ............................ 24
   Intellectual Property Statement .................................. 27
   Full Copyright Statement ......................................... 28

1. Introduction

   L2TP [1] is a protocol that tunnels PPP traffic over a variety of
   networks (e.g., IP, SONET, ATM). Since the protocol encapsulates PPP,
   L2TP inherits PPP authentication, as well as the PPP Encryption
   Control Protocol (ECP) (described in [10]) and the Compression Control
   Protocol (CCP) (described in [9]).
   L2TP also includes support for tunnel authentication, which can be
   used to mutually authenticate the tunnel endpoints. However, L2TP does
   not define tunnel protection mechanisms: nothing in L2TP itself
   provides per-packet integrity or confidentiality for the tunneled
   traffic.

   IPsec is a protocol suite used to secure communication at the network
   layer between two peers. It comprises the IP Security Architecture
   document [6], IKE, described in [7], IPsec AH, described in [3], and
   IPsec ESP, described in [4]. IKE is the key management protocol, while
   AH and ESP are used to protect IP traffic.

   This document proposes the use of the IPsec protocol suite for
   protecting L2TP traffic over IP networks, and discusses how IPsec and
   L2TP should be used together. This document does not attempt to

Patel, et al.               Standards Track
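   The tunnel authentication the introduction mentions is the CHAP-style
   exchange defined in L2TP itself [1] (RFC 2661): the responder hashes
   the Message Type, the shared secret and the peer's challenge with MD5.
   The following is an added example, not code from RFC 3193 or any
   L2TP implementation; it walks through the SCCRQ/SCCRP/SCCCN exchange
   from both sides. The Message Type values 2 (SCCRP) and 3 (SCCCN) and
   the hash construction are taken from RFC 2661 and RFC 1994; the
   shared secret, challenges and function names are constructed here.
   Note what the exchange covers: only the control-connection setup is
   authenticated, and it binds nothing about later data messages, which
   is exactly the gap the page says IPsec is brought in to close.

```python
import hashlib
import hmac
import os

# Message Type IDs from RFC 2661 ([1] on this page): the response to a
# challenge is carried in SCCRP (type 2) or SCCCN (type 3), and that
# type octet is used as the CHAP Identifier in the hash.
SCCRP = 2
SCCCN = 3


def tunnel_auth_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP (RFC 1994) MD5 response as used by L2TP tunnel authentication:
    MD5(Message Type as one octet || shared secret || Challenge)."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def verify_tunnel_auth(msg_type: int, secret: bytes, challenge: bytes,
                       response: bytes) -> bool:
    """Recompute the expected response and compare in constant time."""
    expected = tunnel_auth_response(msg_type, secret, challenge)
    return hmac.compare_digest(expected, response)


def tunnel_setup(lac_secret: bytes, lns_secret: bytes,
                 lac_challenge: bytes = None, lns_challenge: bytes = None) -> dict:
    """Simulate the three control messages of tunnel establishment.

    Each side holds its own copy of the (supposedly shared) secret so a
    mismatch can be demonstrated.  Returns which side accepted the peer.
    """
    # Challenges are constructed values; a real endpoint draws them fresh.
    lac_challenge = lac_challenge or os.urandom(16)
    lns_challenge = lns_challenge or os.urandom(16)

    # SCCRQ (LAC -> LNS): carries the LAC's Challenge AVP.
    sccrq = {"challenge": lac_challenge}

    # SCCRP (LNS -> LAC): response to the LAC's challenge, plus the LNS's
    # own Challenge AVP so authentication becomes mutual.
    sccrp = {
        "response": tunnel_auth_response(SCCRP, lns_secret, sccrq["challenge"]),
        "challenge": lns_challenge,
    }

    # The LAC checks the LNS before completing the connection.
    lac_authenticated_lns = verify_tunnel_auth(
        SCCRP, lac_secret, lac_challenge, sccrp["response"])
    if not lac_authenticated_lns:
        # Per RFC 2661 the LAC would send StopCCN here; no SCCCN is sent.
        return {"lac_authenticated_lns": False, "lns_authenticated_lac": False}

    # SCCCN (LAC -> LNS): response to the LNS's challenge.
    scccn = {
        "response": tunnel_auth_response(SCCCN, lac_secret, sccrp["challenge"]),
    }
    lns_authenticated_lac = verify_tunnel_auth(
        SCCCN, lns_secret, lns_challenge, scccn["response"])

    return {
        "lac_authenticated_lns": True,
        "lns_authenticated_lac": lns_authenticated_lac,
    }


if __name__ == "__main__":
    # Constructed secret and challenges for a deterministic run.
    print(tunnel_setup(b"s3cret", b"s3cret", b"\x01" * 16, b"\x02" * 16))
    print(tunnel_setup(b"s3cret", b"wrong", b"\x01" * 16, b"\x02" * 16))
```

   Only the two 16-octet hashes are tied to the secret; the Tunnel IDs,
   Session IDs and every subsequent data message travel with no keyed
   integrity check or encryption, which is why the rest of this document
   puts the whole L2TP/UDP flow inside IPsec.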



