I'm deciding whether to adopt the L2TP or PPTP VPN Client on Windows XP. L2TP over IPSec is probably the best choice because of what IPSec has to offer. Despite that, I would like to know which of the Layer-2 Tunnel Protocols (L2TP or PPTP) is the more secure option and why. Does one or the other cause the PIX to open up holes which pose huge security risks? I read somewhere that one should avoid PPTP wherever possible, but I can't find documentation to explain the reason. Can anyone help?
Hey, thanks for the very helpful reply. It answers most of my questions. I just have one further question (probably a stupid one, so please bear with me).
With the advent of ADSL and Cable Modem, a client PC has IP connectivity, so why does Microsoft need to use an L2TP/IPSec client and not just an IPSec client? Why is the L2TP tunnel required if IP connectivity is already available?
Standards-based IPSec is tough - you need to either use shared secrets (don't scale), or digital certificates (headaches here we come! ;-). Most real world IPSec solutions offer both standards-based and proprietary features (which may just be an implementation of IETF draft standards, like Cisco's current NAT traversal implementation). MS probably wanted a few options - to use IPSec, and allow configurations with just username+password security. L2TP also allows non-IP protocols to run across it. IPSec does not.
The L2TP tunnel is used for IPSec and non-IP protocols, IIRC. You are going to have a tunnel in a pure IPSec solution too - it is an unhindered-by-firewall tunnel to otherwise secured resources.