Cisco Support Community

New Member

L2TP or PPTP

I'm deciding whether to adopt the L2TP or PPTP VPN client on Windows XP. L2TP over IPSec is probably the best choice because of what IPSec has to offer. Despite that, I would like to know which of the Layer-2 tunnel protocols (L2TP or PPTP) is the more secure option and why. Does one or the other cause the PIX to open up holes which pose huge security risks? I read somewhere that one should avoid PPTP wherever possible, but I can't find documentation to explain the reason. Can anyone help?

Thanks

Vito

Accepted Solutions
New Member

Re: L2TP or PPTP

L2TP is considered more secure because it has all the options that PPTP offers, plus other security options that are not in PPTP.

Many people configure PPTP because of their limited needs and its ease of configuration. L2TP is not as easy to configure as PPTP. Unlike PPTP, it also authenticates tunnel endpoints.

I would suggest going over the following link, which might answer most of your questions:

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_q_and_a_item09186a00800a443e.shtml

3 REPLIES
New Member

Re: L2TP or PPTP

Hey, thanks for the very helpful reply. It answers most of my questions. I just have one further question (probably a stupid one, so please bear with me).

With the advent of ADSL and cable modems, a client PC has IP connectivity, so why does Microsoft need to use an L2TP/IPSec client and not just an IPSec client? Why is the L2TP tunnel required if IP connectivity is already available?

Thanks for your help mate.

Vito

Silver

Re: L2TP or PPTP

Standards-based IPSec is tough - you need to either use shared secrets (don't scale), or digital certificates (headaches here we come! ;-). Most real-world IPSec solutions offer both standards-based and proprietary features (which may just be an implementation of IETF draft standards, like Cisco's current NAT traversal implementation). MS probably wanted a few options - to use IPSec, and allow configurations with just username+password security. L2TP also allows non-IP protocols to run across it. IPSec does not.

The L2TP tunnel is used for IPSec and non-IP protocols, IIRC. You are going to have a tunnel in a pure IPSec solution too - it is an unhindered-by-firewall tunnel to otherwise secured resources.
