In Chapter 2, "Designing and Deploying L2TPv3-Based Layer 2 VPNs (L2VPN)," you saw how Layer Two Tunneling Protocol version 3 (L2TPv3) can be used to transport a number of Layer 2 protocols in a site-to-site configuration. This chapter shows how L2TPv2 (RFC 2661) and L2TPv3 (RFC 3931) can be used to provide home workers, telecommuters, or "road warriors" with access to a corporate or other organization network.
Figure 8-1 depicts L2TP remote access VPNs.
Figure 8-1. L2TP Remote Access VPNs
L2TP can be used to provide remote access in two different ways:
The key point to note is that the PPP connection and L2TP tunnel are terminated on the same device when using voluntary/client-initiated tunnel mode.
In compulsory/NAS-initiated tunnel mode, the LAC does not terminate PPP connections (at least not those PPP connections that are transported over the L2TP tunnel).
In Figure 8-1, remote access users email@example.com and firstname.lastname@example.org are taking advantage of L2TP voluntary/client-initiated tunnel mode to connect to a corporate VPN gateway (LNS).
email@example.com is a telecommuter, and uses a small home router to tunnel traffic to and from a VPN gateway. firstname.lastname@example.org, on the other hand, is a "road warrior" who uses the built-in L2TP/IPsec (L2TP protected by IPsec) client software on his laptop to connect over an Internet connection to the VPN gateway.
email@example.com and firstname.lastname@example.org, on the other hand, do not directly use L2TP to connect to a VPN gateway. Instead, they connect via PPP (over dialup, DSL, or other access technologies) to a service provider LAC, which then tunnels both PPP connections over the same compulsory/NAS-initiated L2TP tunnel to a VPN gateway.
In Figure 8-1, the telecommuter home router (email@example.com) and firstname.lastname@example.org are labeled 'L2TPv2/L2TPv3' and 'LAC [L2TPv2]' respectively. You may be wondering why two different versions of L2TP are used depending on whether a remote access user is mobile (a 'road warrior') or a telecommuter. This is because, to date, all implementations of L2TP included with host operating systems (Windows/Mac OS X) use L2TPv2, while Cisco routers (used in Figure 8-1 for telecommuter remote access) support both L2TPv2 and L2TPv3.
This chapter concentrates on L2TPv2 because of its much wider deployment as a remote access VPN protocol.
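The L2TPv2/L2TPv3 split described above is visible in the header itself: the low 4 bits of the first 16-bit word carry Ver = 2 (RFC 2661) or Ver = 3 (RFC 3931). The following Python is an added example, not code from the book; `parse_l2tp` is a hypothetical helper and the hex payloads are constructed. It assumes a cleartext UDP port 1701 payload, so L2TPv3 carried directly over IP and traffic still inside IPsec ESP are out of scope.

```python
import struct

# First 16 bits of the header: T (control), L (Length present),
# S (Ns/Nr present), O (Offset present, L2TPv2 data only), 4-bit Ver.
T_BIT, L_BIT, S_BIT, O_BIT, VER_MASK = 0x8000, 0x4000, 0x0800, 0x0200, 0x000F

def parse_l2tp(payload: bytes) -> dict:
    """Classify a UDP port 1701 payload as L2TPv2 or L2TPv3 and extract its IDs."""
    try:
        (flags,) = struct.unpack_from("!H", payload, 0)
        ver, control = flags & VER_MASK, bool(flags & T_BIT)
        info = {"version": ver, "type": "control" if control else "data"}
        off = 2
        if ver == 2:  # RFC 2661: 16-bit Tunnel ID and Session ID
            if control and (flags & (L_BIT | S_BIT)) != (L_BIT | S_BIT):
                raise ValueError("L2TPv2 control message without L and S bits")
            if flags & L_BIT:
                (info["length"],) = struct.unpack_from("!H", payload, off)
                off += 2
            info["tunnel_id"], info["session_id"] = struct.unpack_from("!HH", payload, off)
            off += 4
            if flags & S_BIT:
                info["ns"], info["nr"] = struct.unpack_from("!HH", payload, off)
                off += 4
            if flags & O_BIT:  # skip Offset Size plus the padding it announces
                (pad,) = struct.unpack_from("!H", payload, off)
                off += 2 + pad
        elif ver == 3 and control:  # RFC 3931: Length, 32-bit Control Connection ID
            length, ccid, ns, nr = struct.unpack_from("!HIHH", payload, off)
            info.update(length=length, control_connection_id=ccid, ns=ns, nr=nr)
            off += 10
        elif ver == 3:  # L2TPv3 data over UDP: 16 reserved bits, 32-bit Session ID
            _, info["session_id"] = struct.unpack_from("!HI", payload, off)
            off += 6
        else:
            raise ValueError(f"not L2TPv2 or L2TPv3 (Ver={ver})")
    except struct.error as exc:
        raise ValueError("truncated L2TP header") from exc
    if off > len(payload):
        raise ValueError("header fields run past end of payload")
    info["payload_offset"] = off  # where AVPs (control) or the tunneled frame begin
    return info

if __name__ == "__main__":
    # Constructed sample payloads, not captured traffic.
    for raw in ("c802000c0000000000000000", "000200110022ff03c021",
                "c803000c0000abcd00000000", "00030000000012340a0b"):
        print(parse_l2tp(bytes.fromhex(raw)))
```

Seeing parseable L2TP headers on an untrusted segment also indicates the tunnel is not wrapped in IPsec at that point, since an L2TP/IPsec client's traffic would appear there only as ESP.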