The use of the term VPN makes it sound like a single thing, when actually it's just a technology with several types and flavors from which to choose. Several VPN types are available, but we will cover only the three main types used with the PIX: PPTP, L2TP, and IPSec.
The Point-to-Point Tunneling Protocol (PPTP) VPN solution, created primarily by Microsoft, makes Point-to-Point Protocol (PPP) traffic routable. It provides user authentication and uses Microsoft Point-to-Point Encryption (MPPE) to secure traffic. The PIX firewall supports PPTP for remote access; however, PPTP isn't supported by all vendors.
Layer 2 Tunneling Protocol (L2TP) VPNs are an enhancement of the Cisco Layer 2 Forwarder (L2F) mechanism, which works only at layer 2 to forward IP, IPX, and AppleTalk traffic. L2TP builds on L2F to make that traffic routable across IP networks. This work was a combined effort by Cisco, Microsoft, Ascend, and 3Com, and resulted in RFC 2661. Unlike PPTP, the L2TP VPN solution has no built-in encryption engine. However, L2TP is typically implemented with IPSec to create what is called L2TP over IPSec, which makes L2TP very secure while adding the benefit of user authentication. This tunneling protocol can authenticate at both the user and machine levels, giving you more granular control over who can connect. Like PPTP, L2TP is typically used for remote access.
IPSec VPN is an open standard that defines a group of security protocols used together to form a secure connection between two peers. Basically, IPSec provides a VPN tunnel that lets you encrypt traffic or verify that it hasn't been altered in transit from one peer to the other. The PIX firewall supports both site-to-site and access VPN traffic with IPSec. Most products on the market that support VPNs also support IPSec, which allows interoperability with other vendors.
Of the three types of VPNs covered here, IPSec is the main focus of this chapter and the following sections.