  1. Junior Member
    Join Date
    Nov 2008
    Posts
    18

    Certifications
    Network+, Security+
    #1

    VPN Tunneling Encapsulation Questions?

    I was hoping someone might be able to clear up a few questions I have re: VPN & tunneling protocols. The TechExam notes say PPTP encapsulates PPP. When referring to VPNs, is it just assumed that PPP is present & is encapsulated (by PPTP or L2TP for example)? Would this be an accurate example of how encapsulated layers might look over a VPN? 1) IPX is the first encapsulated protocol, 2) PPP wraps around IPX, 3) L2TP & IPSEC combined wrap around PPP, 4) IP encapsulates the first three layers & acts as the carrier protocol? I get the impression that IPSEC isn't really a tunneling protocol & doesn't encapsulate PPTP or L2TP. Instead, it just enhances PPTP/L2TP security (i.e. you couldn't use only PPP & IPSEC, right)?

  3. Baroo? skrpune's Avatar
    Join Date
    Oct 2008
    Location
    Chicagoland
    Posts
    1,409

    Certifications
    MCTS: Vista Configuration, MCTS: Windows 7 Configuring, MCP (290), A+, Network+, Server+
    #2
    as far as I can tell, PPP is involved in dial up networking, while PPTP is used for creating VPNs. Some of the notes I have indicate that PPTP is just a tunneling version of PPP and that L2TP is an "extended" version of PPP.

    I'm pretty sure that there's no PPP encapsulation involved if you've got L2TP or PPTP. Here's a breakdown of what I show for the VPN encryption protocols:
    - IPSec: works at layer 3; encrypts & authenticates; used in VPNs...but not used to create a VPN as far as I can tell
    - L2TP: supports non TCP/IP protocol VPNs; can connect router-to-router, client-to-RAS, router-to-RAS; extension of PPP
    - PPTP: encryption protocol; creates secure VPN tunnel; encapsulation; supports TCP/IP, IPX/SPX, NetBEUI, AppleTalk

    Now as for PPP, I show it as being a layer 2 protocol supporting DHCP, IP, IPX, NetBEUI & AppleTalk.

  4. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #3
    Quote Originally Posted by skrpune
    as far as I can tell, PPP is involved in dial up networking, while PPTP is used for creating VPNs. Some of the notes I have indicate that PPTP is just a tunneling version of PPP and that L2TP is an "extended" version of PPP.
    It looks like PPTP actually tunnels PPP. PPP is also used for WAN links (i.e. two sites with a point-to-point T1). I actually thought like you did, that PPTP was tunneling variant of PPP, but the RFC says otherwise: http://tools.ietf.org/html/rfc2637

    Quote Originally Posted by skrpune
    I'm pretty sure that there's no PPP encapsulation involved if you've got L2TP or PPTP.
    Looks like they both do. Check the Wikipedia (and subsequent RFCs if you're really bored) links below.

    Quote Originally Posted by skrpune
    Here's a breakdown of what I show for the VPN encryption protocols:
    - IPSec: works at layer 3; encrypts & authenticates; used in VPNs...but not used to create a VPN as far as I can tell
    - L2TP: supports non TCP/IP protocol VPNs; can connect router-to-router, client-to-RAS, router-to-RAS; extension of PPP
    - PPTP: encryption protocol; creates secure VPN tunnel; encapsulation; supports TCP/IP, IPX/SPX, NetBEUI, AppleTalk

    Now as for PPP, I show it as being a layer 2 protocol supporting DHCP, IP, IPX, NetBEUI & AppleTalk.
    I don't know if I'd consider IPsec exclusively a layer-3 protocol. I've seen the same references you've no doubt looked at, and I'm a bit confused. It seems like AH, ESP, IKE, etc. which are part of the IPsec protocol suite would function at layers 5 and 6 as well. Maybe those are considered separately...

    See this thread for related information and my comment about IPsec tunnels: http://techexams.net/forums/viewtopic.php?t=40830

    More general info:
    http://en.wikipedia.org/wiki/Point-t...eling_protocol
    http://en.wikipedia.org/wiki/Ipsec
    http://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol

  5. Baroo? skrpune's Avatar
    Join Date
    Oct 2008
    Location
    Chicagoland
    Posts
    1,409

    Certifications
    MCTS: Vista Configuration, MCTS: Windows 7 Configuring, MCP (290), A+, Network+, Server+
    #4
    well, poopsicles, thought I understood VPN & the protocols. Thanks for the clarification & info & links dynamik, I'll add those to my things to review before the test...

  6. Senior Member
    Join Date
    Apr 2005
    Posts
    901

    Certifications
    CCDE #20170037, CCNP/DP and quite a few more from various vendors.....
    #5

    Re: VPN Tunneling Encapsulation Questions?

    Quote Originally Posted by jeffslaw
    When referring to VPNs, is it just assumed that PPP is present & is encapsulated (by PPTP or L2TP for example)?
    Yes, PPTP and L2TP are VPN tunneling protocols related to the PPP model.

    PPTP is typically a dial up connection and the protocol that allows IP communication over a point to point link over a PSTN or ISDN circuit switched network. So an example of this is dialing up over an ISDN or analog modem line on your PC and connecting directly to a network access server in a HQ building to gain access to the corporate network.

    L2TP is slightly different. L2TP is a means of enabling end points i.e. modems, routers etc to make the same access connection to the network access server over a packet switched IP network.

    An example of this would be an ADSL connection where your ADSL modem as opposed to dialling directly into the network access server in head office over a phone or ISDN line, it dials into some kind of concentrator such as an ADSL multiplexor (or MUX for short). The MUX then tunnels PPP packets to the network access server over an IP network i.e. the internet or frame relay etc.

    This allows you to cut out the long distance costs of connecting over a dial up connection.

    Quote Originally Posted by jeffslaw
    I get the impression that IPSEC isn't really a tunneling protocol & doesn't encapsulate PPTP or L2TP. Instead, it just enhances PPTP/L2TP security (i.e. you couldn't use only PPP & IPSEC, right)?
    IPSec fits into the above as follows.

    IPSec AH/ESP is a security protocol that operates at layer 3 and only carries IP traffic not PPP.

    It is not a tunneling protocol but operates under "tunnel mode" where one or both devices act as a security gateway (for example VPN concentrator or firewall). AH and ESP security protocols are used for authentication and integrity. AH doesn't handle encryption but ESP does.

    IPSec tunnels use Internet Key Exchange (IKE) negotiation for setting up the tunnel by sending ISAKMP messages.

    I'd encourage you to also check out some of the links the other guys have posted to the RFC documents.

    Hope this helps
    Malc
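
    Added example, not part of any post in this thread: a small decoder that walks a constructed IPv4 / UDP 1701 / L2TP / PPP / IPX packet from the outside in, so the nesting asked about in the first post can be read off directly. The addresses, tunnel and session IDs and the IPX stub are made-up sample values, and PPP protocol-field compression is assumed to be off.

```python
import struct

PPP_PROTOCOLS = {0x0021: "IPv4", 0x002B: "IPX"}        # PPP protocol numbers
IP_PROTOCOLS = {47: "GRE (used by PPTP)", 50: "ESP (payload encrypted)"}

def build_sample():
    """Constructed packet: IPv4 / UDP 1701 / L2TP data / PPP / IPX stub."""
    ppp = b"\xff\x03" + struct.pack("!H", 0x002B) + b"\xff\xff" + b"\x00" * 28
    # Flags 0x4002 = Length bit set, version 2; tunnel 7 / session 1 are made up.
    l2tp = struct.pack("!HHHH", 0x4002, 8 + len(ppp), 7, 1) + ppp
    udp = struct.pack("!HHHH", 1701, 1701, 8 + len(l2tp), 0) + l2tp
    # Header checksum left at 0: the decoder below does not verify it.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + udp

def decode_layers(pkt):
    """Return the encapsulation stack, outermost layer first."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    layers = ["IPv4"]
    if pkt[9] != 17:                                   # not UDP: stop here
        return layers + [IP_PROTOCOLS.get(pkt[9], f"ip-proto-{pkt[9]}")]
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    layers.append("UDP")
    if 1701 not in (sport, dport):                     # L2TP's registered port
        return layers
    off = ihl + 8
    (flags,) = struct.unpack_from("!H", pkt, off)
    if flags & 0x000F != 2:
        raise ValueError("not L2TP version 2")
    if flags & 0x8000:                                 # T bit: control message
        return layers + ["L2TP control"]
    layers.append("L2TP data")
    off += 2
    if flags & 0x4000:                                 # L bit: Length present
        off += 2
    off += 4                                           # Tunnel ID + Session ID
    if flags & 0x0800:                                 # S bit: Ns and Nr present
        off += 4
    if flags & 0x0200:                                 # O bit: offset size + pad
        off += 2 + struct.unpack_from("!H", pkt, off)[0]
    if pkt[off:off + 2] == b"\xff\x03":                # PPP address/control
        off += 2
    (proto,) = struct.unpack_from("!H", pkt, off)
    return layers + ["PPP", PPP_PROTOCOLS.get(proto, f"ppp-proto-0x{proto:04x}")]
```

    When the same L2TP traffic is protected by IPsec ESP, the outer IP header carries protocol 50 and the decoder stops there, because everything from the UDP header inward is encrypted.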

  7. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #6
    Quote Originally Posted by skrpune
    well, poopsicles, thought I understood VPN & the protocols. Thanks for the clarification & info & links dynamik, I'll add those to my things to review before the test...
    You seem to have a good handle on things. Don't worry about mastering every little detail. There's only a few people here who are at that level (I'm NOT one of them), and the most important thing when you're getting started is to simply learn each technology's capabilities and limitations, and to develop a general understanding of how things work behind-the-scenes. You'll continue to pick up little details from that point on. And to be honest, I did spend a little time reviewing the details before I responded.

  8. Baroo? skrpune's Avatar
    Join Date
    Oct 2008
    Location
    Chicagoland
    Posts
    1,409

    Certifications
    MCTS: Vista Configuration, MCTS: Windows 7 Configuring, MCP (290), A+, Network+, Server+
    #7
    Quote Originally Posted by dynamik
    Quote Originally Posted by skrpune
    well, poopsicles, thought I understood VPN & the protocols. Thanks for the clarification & info & links dynamik, I'll add those to my things to review before the test...
    You seem to have a good handle on things. Don't worry about mastering every little detail. There's only a few people here who are at that level (I'm NOT one of them), and the most important thing when you're getting started is to simply learn each technology's capabilities and limitations, and to develop a general understanding of how things work behind-the-scenes. You'll continue to pick up little details from that point on. And to be honest, I did spend a little time reviewing the details before I responded.
    Thanks. I looked over some of the links and YOWZA a lot of it is over my head and a bit beyond the scope of the N+ exam (or at least I hope! ).

    I think for the time being I'll take your advice & focus on the basic characteristics of the protocols/VPNs and bookmark this page & the links for future reading after the test. I'd love to learn more about security protocols, and it seems like the N+ exam just barely skims the surface. Maybe I'll put Security+ on my list of certs...

  9. Pissed
    Join Date
    May 2007
    Location
    Denver
    Posts
    372

    Certifications
    A+; Network+; MCSE: 2k3; MCTS; CCNA; VCP4, VCP5
    #8
    When I was learning VPNs for N+ I found this link extremely helpful.

    http://computer.howstuffworks.com/vpn.htm

    Check it out.

  10. Baroo? skrpune's Avatar
    Join Date
    Oct 2008
    Location
    Chicagoland
    Posts
    1,409

    Certifications
    MCTS: Vista Configuration, MCTS: Windows 7 Configuring, MCP (290), A+, Network+, Server+
    #9
    Quote Originally Posted by aordal
    When I was learning VPNs for N+ I found this link extremely helpful.

    http://computer.howstuffworks.com/vpn.htm

    Check it out.
    great link, thanks for sharing!

  11. Junior Member
    Join Date
    Nov 2008
    Location
    Prescott, WI
    Posts
    28

    Certifications
    S+, some stale NT certs
    #10

    One great way to learn about VPNs and IPSEC

    Is to pick up a used Linksys BEFVP41 router off ebay and create a VPN gateway for your home network, then try connecting to it from outside using the Greenbow or other VPN client installed on a laptop. You might have to do some tweaking of your DSL/cable modem initially but these things are usually pretty well documented. What you learn about IPSec is 100% transferrable to enterprise IPSec connectivity. It works exactly the same just on a larger scale. Looks like the industry is making a strong move to SSL based VPNs though (except for site to site).

  12. Junior Member
    Join Date
    Nov 2008
    Posts
    18

    Certifications
    Network+, Security+
    #11

    Thanks

    Thanks to everyone for posting. Very helpful