L2TP over IPSec Connections

L2TP over IPSec offers user authentication, mutual computer authentication, encryption, data authentication, and data integrity.

User Authentication with L2TP over IPSec

Authentication of the VPN client occurs at two different levels: the computer is authenticated, and then the user is authenticated.

IPSec Computer Authentication

Mutual computer authentication of the VPN client and the VPN server is performed during the negotiation of the IPSec security association (SA) that protects the L2TP traffic. The two computers exchange and verify computer certificates during IPSec Phase I negotiation; Phase II negotiation then establishes an IPSec ESP SA with an agreed encryption algorithm, hash algorithm, and encryption keys.

To use L2TP over IPSec, a computer certificate must be installed on both the VPN client and the VPN server, and each computer must trust the certification authority (CA) that issued the other computer's certificate. You can obtain computer certificates automatically by configuring auto-enrollment in Windows 2000 Group Policy or manually by using the Certificates snap-in. For more information, see Windows 2000 Server Help.

L2TP User-Level Authentication

The user attempting the L2TP connection is authenticated by using PPP-based user authentication protocols such as EAP, MS-CHAP, CHAP, SPAP, and PAP. Because the PPP connection establishment process, including the authentication exchange, takes place inside the IPSec-protected tunnel, any PPP authentication method can be used without exposing credentials on the wire. Even so, prefer MS-CHAP v2 or EAP-TLS, because only these provide mutual user-level authentication.

L2TP Tunnel Authentication

L2TP also provides a way to authenticate the endpoints of an L2TP tunnel while the tunnel is being established, known as L2TP tunnel authentication. By default, Windows 2000 does not perform L2TP tunnel authentication; when L2TP is used over IPSec, the two computers have already been mutually authenticated by IPSec before the tunnel is established. For more information about configuring Windows 2000 for L2TP tunnel authentication, see the Microsoft Knowledge Base link on the Web Resources page at https://windows.microsoft.com/windows2000/reskit/webresources.

Encryption with L2TP over IPSec

Encryption is determined by the establishment of the IPSec SA. The available encryption algorithms are:

  • DES with a 56-bit key. A 56-bit key is too short to resist a brute-force attack with modern hardware, so use DES only where 3DES is not available.

  • Triple DES (3DES), which uses three 56-bit keys and is designed for high-security environments.

Because IPSec was designed for IP internetworks in which packets can be lost or arrive out of order, each IPSec packet carries what the receiver needs to process it on its own (its sequence number and, for DES and 3DES in CBC mode, its own initialization vector), so every packet is authenticated and decrypted independently of the other IPSec packets.

The initial encryption keys are derived from the IKE key exchange that accompanies IPSec computer authentication. For DES-encrypted connections, new encryption keys are generated after every 5 minutes or 250 megabytes of data transferred, whichever comes first. For 3DES-encrypted connections, new encryption keys are generated after every hour or 2 gigabytes of data transferred. For AH-protected connections, new hash keys are generated after every hour or 2 gigabytes of data transferred. For more information about IPSec, see "Internet Protocol Security" in the TCP/IP Core Networking Guide.
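The rekey limits quoted above are applied as "whichever comes first": a fresh key is generated when either the time limit or the byte limit for the SA is reached. The following added example (not code from the original page or from Windows 2000) models that accounting for the DES, 3DES, and AH limits given in the text. The per-generation key derivation is a stand-in for the IKE exchange, and the shared secret is constructed for the demonstration.

```python
# Added example (not from the original page): tracking the rekey limits the
# text quotes for Windows 2000 IPSec SAs, where a new key is generated when
# EITHER the time limit or the byte limit is reached, whichever comes first.
# The per-generation key derivation here stands in for the IKE exchange, and
# the shared secret is constructed for the demo.
import hashlib
import hmac

REKEY_LIMITS = {  # algorithm -> (seconds, bytes); values from the text
    "DES":  (5 * 60,  250 * 1024 ** 2),
    "3DES": (60 * 60, 2 * 1024 ** 3),
    "AH":   (60 * 60, 2 * 1024 ** 3),
}


class SaKeyLifetime:
    """Tracks time and byte usage of one SA and rekeys when a limit is hit."""

    def __init__(self, algorithm, shared_secret, now):
        self.limit_seconds, self.limit_bytes = REKEY_LIMITS[algorithm]
        self.shared_secret = shared_secret
        self.generation = 0
        self.history = []          # (generation, reason) for every key in force
        self._rekey(now, "initial")

    def _rekey(self, now, reason):
        self.generation += 1
        self.started = now
        self.bytes_used = 0
        # Illustrative KDF: a new key per generation so old traffic keys are never reused.
        self.key = hmac.new(self.shared_secret, b"sa-gen-%d" % self.generation,
                            hashlib.sha1).digest()
        self.history.append((self.generation, reason))

    def account(self, nbytes, now):
        """Charge nbytes of protected traffic at time `now` (seconds) and return
        the key in force AFTER any rekey this triggers."""
        self.bytes_used += nbytes
        if now - self.started >= self.limit_seconds:
            self._rekey(now, "time")
        elif self.bytes_used >= self.limit_bytes:
            self._rekey(now, "bytes")
        return self.key


def demo():
    """Constructed traffic pattern on a DES SA: the byte limit fires first,
    then the time limit fires on the replacement key."""
    sa = SaKeyLifetime("DES", b"constructed-shared-secret", now=0)
    k1 = sa.key
    sa.account(100 * 1024 ** 2, now=60)        # 100 MB, under both limits
    sa.account(100 * 1024 ** 2, now=120)       # 200 MB, still under both limits
    k2 = sa.account(60 * 1024 ** 2, now=180)   # 260 MB -> byte limit -> generation 2
    k3 = sa.account(1, now=180 + 5 * 60)       # 5 min on generation 2 -> time limit -> 3
    return {
        "generations": sa.generation,
        "history": sa.history,
        "keys_distinct": len({k1, k2, k3}) == 3,
    }


if __name__ == "__main__":
    print(demo())
```

The byte counter and the clock are both reset at every rekey, so the limits apply per key generation, not per connection.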

Data Authentication and Integrity with L2TP over IPSec

Data authentication and integrity are provided by one of the following keyed hash algorithms. In both cases the HMAC output is truncated to a 96-bit integrity check value (ICV) that is carried in the packet, as specified in RFC 2403 and RFC 2404:

  • Hash message authentication code (HMAC) with Message Digest 5 (MD5), which produces a 128-bit hash of the authenticated payload.

  • HMAC with Secure Hash Algorithm 1 (SHA-1), which produces a 160-bit hash of the authenticated payload.
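The following added example (not code from the original page or from Windows 2000) ties together the two points above: each packet carries its own sequence number and ICV, so a receiver verifies it with HMAC-MD5-96 or HMAC-SHA-1-96 on its own, accepts packets out of order, and still rejects replays and tampering. The key, SPI, and payloads are constructed for the demonstration; the packet layout is a simplified ESP (SPI, sequence number, payload, ICV) without the encryption step.

```python
# Added example (not from the original page): ESP-style per-packet integrity
# protection with HMAC-MD5-96 and HMAC-SHA-1-96 (RFC 2403 / RFC 2404 truncate
# the HMAC to a 96-bit ICV) plus a 64-packet anti-replay window. It shows what
# the text describes: every packet is verified on its own, so packets may be
# lost or reordered. Key, SPI and payloads are constructed for the demo.
import hashlib
import hmac
import struct

ICV_LEN = 12                                  # 96 bits
DIGESTS = {"hmac-md5-96": hashlib.md5, "hmac-sha1-96": hashlib.sha1}


def build_esp(key, algo, spi, seq, payload):
    """SPI || sequence || payload || ICV; the ICV covers everything before it."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, DIGESTS[algo]).digest()[:ICV_LEN]
    return header + payload + icv


class EspReceiver:
    """Inbound SA: integrity key/algorithm and a sliding anti-replay window."""
    WINDOW = 64
    MASK = (1 << WINDOW) - 1

    def __init__(self, key, algo):
        self.key, self.algo = key, algo
        self.highest = 0          # highest sequence number authenticated so far
        self.bitmap = 0           # bit i set => sequence (highest - i) already received

    def accept(self, packet):
        """Return the payload, or raise ValueError with the reason for rejection."""
        if len(packet) < 8 + ICV_LEN:
            raise ValueError("truncated")
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        _spi, seq = struct.unpack("!II", body[:8])
        # 1. Cheap replay screen on the (not yet authenticated) sequence number.
        if seq == 0:
            raise ValueError("sequence number 0 is never valid")
        if seq <= self.highest:
            offset = self.highest - seq
            if offset >= self.WINDOW:
                raise ValueError("outside replay window")
            if (self.bitmap >> offset) & 1:
                raise ValueError("replayed")
        # 2. Integrity check; constant-time compare to avoid timing leaks.
        expected = hmac.new(self.key, body, DIGESTS[self.algo]).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            raise ValueError("bad ICV")
        # 3. Only an authenticated packet may advance or mark the window.
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & self.MASK
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return body[8:]


def demo(algo="hmac-sha1-96"):
    """Reordered delivery, a replay, and a bit-flipped packet on one SA."""
    key = b"constructed-demo-integrity-key"
    rx = EspReceiver(key, algo)
    pkts = {n: build_esp(key, algo, 0x1000, n, b"L2TP#%d" % n) for n in range(1, 6)}
    accepted = [rx.accept(pkts[n]).decode() for n in (2, 4, 1, 3)]  # out of order
    outcome = {"accepted": accepted}
    try:
        rx.accept(pkts[2])                       # repeat of an already accepted packet
    except ValueError as e:
        outcome["replay"] = str(e)
    forged = bytearray(pkts[5])
    forged[10] ^= 0x01                           # flip one payload bit, keep the old ICV
    try:
        rx.accept(bytes(forged))
    except ValueError as e:
        outcome["tamper"] = str(e)
    return outcome


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: the sequence number screen runs before the HMAC so that a flood of replays is cheap to discard, but the window is updated only after the ICV verifies, so an attacker cannot advance it with forged sequence numbers.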

L2TP over IPSec Packet Filtering

Just as for PPTP-based VPN connections, enabling forwarding between the interface on the public or shared network and the intranet interface causes the VPN server to route all IP traffic that arrives from the shared or public network into the intranet, not only the traffic that arrives through VPN connections. To protect the intranet from traffic that was not sent by a VPN client, configure L2TP over IPSec packet filtering so that the VPN server accepts only tunnel traffic on its public interface and routes only between VPN clients and the intranet, never between potentially malicious hosts on the shared or public network and the intranet.

L2TP over IPSec packet filtering can be configured on either the VPN server or on an intermediate firewall. For more information, see "VPNs and Firewalls" later in this chapter.
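As an added example (not code from the original page or from Windows 2000 Routing and Remote Access), the following model shows the forwarding policy the two paragraphs above describe: the public interface accepts only tunnel traffic addressed to the server itself, and forwarding is permitted only between the VPN client address pool and the intranet. The addresses and interface names are constructed, and the set of permitted public-side protocols (IKE on UDP 500, ESP as IP protocol 50, and L2TP on UDP 1701, all addressed to the server's public address) is an assumption of this example rather than text quoted from the page.

```python
# Added example (not from the original page): a model of the forwarding and
# packet-filtering policy described for an L2TP over IPSec VPN server.
# Addresses, interface names and the rule set are constructed; the permitted
# public-side protocols (IKE UDP 500, ESP protocol 50, L2TP UDP 1701 addressed
# to the server itself) are an assumption of this example.
import ipaddress
from dataclasses import dataclass

ESP, UDP, TCP = 50, 17, 6


@dataclass(frozen=True)
class Packet:
    iface: str          # interface of arrival: "internet", "intranet" or "vpn"
    src: str            # source IP address
    dst: str            # destination IP address
    proto: int          # IP protocol number
    sport: int = 0
    dport: int = 0


class VpnServerPolicy:
    """Decide whether to deliver locally, forward, or drop an arriving packet."""

    def __init__(self, public_ip, intranet_ip, intranet_net, client_pool):
        self.public_ip = ipaddress.ip_address(public_ip)
        self.intranet_ip = ipaddress.ip_address(intranet_ip)
        self.intranet = ipaddress.ip_network(intranet_net)
        self.clients = ipaddress.ip_network(client_pool)   # L2TP client address pool

    def _is_tunnel_traffic_to_me(self, p, dst):
        if dst != self.public_ip:
            return False
        if p.proto == ESP:
            return True
        return p.proto == UDP and p.dport in (500, 1701)

    def decide(self, p):
        src, dst = ipaddress.ip_address(p.src), ipaddress.ip_address(p.dst)
        if p.iface == "internet":
            # Public side: only the tunnel protocols, and only addressed to the server.
            # Everything else, in particular anything aimed at an intranet host, is dropped.
            return "deliver" if self._is_tunnel_traffic_to_me(p, dst) else "drop"
        if p.iface == "vpn":
            # Decapsulated client traffic: anti-spoof the source against the pool and
            # forward to the intranet only (no routing back out to the public network).
            return "forward" if src in self.clients and dst in self.intranet else "drop"
        if p.iface == "intranet":
            if dst == self.intranet_ip:
                return "deliver"
            return "forward" if src in self.intranet and dst in self.clients else "drop"
        return "drop"


def demo():
    """Constructed packets exercising each branch of the policy."""
    policy = VpnServerPolicy("203.0.113.10", "10.0.0.1", "10.0.0.0/16", "10.200.0.0/16")
    cases = {
        "ike_to_server":        Packet("internet", "198.51.100.7", "203.0.113.10", UDP, 500, 500),
        "esp_to_server":        Packet("internet", "198.51.100.7", "203.0.113.10", ESP),
        "smb_into_intranet":    Packet("internet", "198.51.100.7", "10.0.0.25", TCP, 40000, 445),
        "http_to_server":       Packet("internet", "198.51.100.7", "203.0.113.10", TCP, 40000, 80),
        "client_to_intranet":   Packet("vpn", "10.200.0.5", "10.0.0.25", TCP, 40000, 445),
        "client_to_internet":   Packet("vpn", "10.200.0.5", "198.51.100.7", TCP, 40000, 80),
        "client_spoofed_src":   Packet("vpn", "10.0.0.99", "10.0.0.25", TCP, 40000, 445),
        "intranet_to_client":   Packet("intranet", "10.0.0.25", "10.200.0.5", TCP, 445, 40000),
        "intranet_to_server":   Packet("intranet", "10.0.0.25", "10.0.0.1", TCP, 40000, 135),
    }
    return {name: policy.decide(p) for name, p in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22s} {verdict}")
```

The "smb_into_intranet" case is the one the text warns about: with forwarding enabled and no filters, a packet from an arbitrary Internet host to an intranet address would be routed straight in. The same rule set can be expressed on an intermediate firewall, where the public-side rules apply to the encapsulated traffic (IKE and ESP) and UDP 1701 is never visible because it is inside ESP.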