Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    L2TP/IPsec Tunnels Overview

    The L2TP/IPsec remote access allows clients to connect to a corporate virtual private network (VPN) over the public Internet with a secure connection. The L2TP tunnel runs on top of an IPsec transport mode connection. The secure tunnel runs from the client PC to the E Series router that terminates the secure tunnel. For example, using L2TP with IPsec enables Broadband Remote Access Server (B-RAS) clients to securely connect to a corporate or other VPN in addition to using another unsecured connection to the Internet, depending on the client software capabilities.

    On the router side of the L2TP connection, the E Series router acts as the LNS. On the PC client side of the connection, the client acts as the LAC and runs the L2TP/IPsec client software on supported platforms. (For a list of the supported platforms, see L2TP/IPsec Traffic Compatibility Issues and Requirements Overview.) Both sides of the connection run IPsec in transport mode with Encapsulating Security Payload (ESP) encryption and authentication.

    In the model shown in Figure 1, a client PC connects to its local provider, who gives the client a public IP address. Using the public IP address, the client PC initiates an IPsec connection toward the L2TP/IPsec gateway for the private network that it wants to connect to. After establishing the IPsec connection, the client establishes an L2TP tunnel to the same L2TP/IPsec gateway, which provides the client with another IP interface to access the private network that it is connecting to. The L2TP tunnel is completely protected by the IPsec connection established earlier.

    Figure 1: L2TP with IPsec Application

    L2TP with IPsec Application

    Published: 2014-08-12