RFC 2888 (rfc2888) - Page 1 of 19
Secure Remote Access with L2TP
Alternative Format: Original Text Document
Network Working Group P. Srisuresh
Request for Comments: 2888 Campio Communications
Category: Informational August 2000
Secure Remote Access with L2TP
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
L2TP protocol is a virtual extension of PPP across IP network
infrastructure. L2TP makes possible for an access concentrator (LAC)
to be near remote clients, while allowing PPP termination server
(LNS) to be located in enterprise premises. L2TP allows an enterprise
to retain control of RADIUS data base, which is used to control
Authentication, Authorization and Accountability (AAA) of dial-in
users. The objective of this document is to extend security
characteristics of IPsec to remote access users, as they dial-in
through the Internet. This is accomplished without creating new
protocols and using the existing practices of Remote Access and
IPsec. Specifically, the document proposes three new RADIUS
parameters for use by the LNS node, acting as Secure Remote Access
Server (SRAS) to mandate network level security between remote
clients and the enterprise. The document also discusses limitations
of the approach.
1. Introduction and Overview
Now-a-days, it is common practice for employees to dial-in to their
enterprise over the PSTN (Public Switched Telephone Network) and
perform day-to-day operations just as they would if they were in
corporate premises. This includes people who dial-in from their home
and road warriors, who cannot be at the corporate premises. As the
Internet has become ubiquitous, it is appealing to dial-in through
the Internet to save on phone charges and save the dedicated voice
lines from being clogged with data traffic.
Srisuresh Informational