Securing L2TP using IPsec (RFC3193)

IP.com Disclosure Number: IPCOM000005882D
Original Publication Date: 2001-Nov-01
Included in the Prior Art Database: 2001-Nov-14
Document File: 29 page(s) / 64K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

B. Patel: AUTHOR (and 5 others)

Abstract

This document discusses how L2TP (Layer Two Tunneling Protocol) may utilize IPsec to provide for tunnel authentication, privacy protection, integrity checking and replay protection. Both the voluntary and compulsory tunneling cases are discussed.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 5% of the total text.

Network Working Group                                           B. Patel
Request for Comments: 3193                                         Intel
Category: Standards Track                                       B. Aboba
                                                                W. Dixon
                                                               Microsoft
                                                                 G. Zorn
                                                                S. Booth
                                                           Cisco Systems
                                                           November 2001

                       Securing L2TP using IPsec

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   This document discusses how L2TP (Layer Two Tunneling Protocol) may
   utilize IPsec to provide for tunnel authentication, privacy
   protection, integrity checking and replay protection.  Both the
   voluntary and compulsory tunneling cases are discussed.

Patel, et al.               Standards Track                     [Page 1]

RFC 3193               Securing L2TP using IPsec           November 2001

Table of Contents

   1. Introduction ..................................................  2
   1.1 Terminology ..................................................  3
   1.2 Requirements language ........................................  3
   2. L2TP security requirements ....................................  4
   2.1 L2TP security protocol .......................................  5
   2.2 Stateless compression and encryption .........................  5
   3. L2TP/IPsec inter-operability guidelines .......................  6
   3.1. L2TP tunnel and Phase 1 and 2 SA teardown ...................  6
   3.2. Fragmentation Issues ........................................  6
   3.3. Per-packet security checks ..................................  7
   4. IPsec Filtering details when protecting L2TP ..................  7
   4.1. IKE Phase 1 Negotiations ....................................  8
   4.2. IKE Phase 2 Negotiations ....................................  8
   5. Security Considerations ....................................... 15
   5.1 Authentication issues ........................................ 15
   5.2 IPsec and PPP interactions ................................... 18
   6. References .................................................... 21
   Acknowledgments .................................................. 22
   Authors' Addresses ............................................... 23
   Appendix A: Example IPsec Filter sets ............................ 24
   Intellectual Property Statement .................................. 27
   Full Copyright Statement ......................................... 28

1.  Introduction

   L2TP [1] is a protocol that tunnels PPP traffic over a variety of
   networks (e.g., IP, SONET, ATM).  Since the protocol encapsulates
   PPP, L2TP inherits PPP authentication, as well as the PPP Encryption
   Control Protocol (ECP) (described in [10]) and the Compression
   Control Protocol (CCP) (described in [9]).  L2TP also includes
   support for tunnel authentication, which can be used to mutually
   authenticate the tunnel endpoints.  However, L2TP does not define
   tunnel prote...