Russ,
L2TP divides the functionality of a RAS in two: back-end logical termination (at the entrance to a customer site), and front-end modem pools (at the edge of an ISP). What is the value of this? Well, the obvious one is that a customer doesn't have to maintain modems and phone lines, but IPSEC provides this functionality as well. So what's the difference? a) L2TP doesn't require modifications to existing clients, and b) L2TP doesn't require crypto, which is computationally expensive.
Yes, crypto can be used as an add-on to PPP, but then you lose the two real values of L2TP.
Regards,
Bill
----------
From: Russ[SMTP:Russ . Cooper @ RC . Toronto . on . ca]
Sent: Wednesday, August 28, 1996 6:51 PM
To: 'Christopher Klaus'; 'Brian W. McKenney'; 'Bill Hunt'
Cc: 'firewalls @ GreatCircle . COM'
Subject: RE: Win NT PPTP vs. VPN
Bill,
I'm curious, since PPTP allows for encrypted PPP at the client, why does
PPTP fall into a trust of ISPs, PSTNs, etc...???
PPTP doesn't even require involvement by an ISP if you are directly
connected to the Internet. When they are involved, ISPs only deploy
FEPs. FEPs authenticate against PPTP servers to establish a connection,
but the contents of the PPTP channel are then authenticated and decrypted
by the NT server. The session key created by the FEP is only used to
encrypt the CHAP, not the contents of the stream.
So the data is protected end to end from Hackers and Infrastructure
alike.
Cheers,
Russ