128 Chapter 3 • Communication Security: Remote Access and Messaging
that the data was not modified in transit), replay protection (prevention from resending a stream of captured packets), and data confidentiality (prevention from interpreting captured packets without an encryption key).
■ L2TP/IPSec connections require two levels of authentication: computer-level authentication using certificates or pre-shared keys for the IPSec session, and user-level authentication using a PPP authentication protocol for the L2TP tunnel.
Some advantages of the L2TP/IPSec combination over PPTP are:
■ IPSec provides per-packet data origin authentication, data integrity, replay protection, and data confidentiality. In contrast, PPTP only provides per-packet data confidentiality.
■ L2TP/IPSec connections require two levels of authentication: computer-level authentication and user-level authentication.
■ PPP frames exchanged during user-level authentication are never sent unencrypted, because the PPP connection process for L2TP/IPSec occurs after the IPSec security association (SA) is established.
EXAM WARNING
Make sure you understand the differences between PPTP and L2TP,
including pros, cons, and protocols related to each.
Tools & Traps…
Punching a Hole in the Firewall
One of the most common mistakes made when setting up VPN tunnels using PPTP or L2TP is forgetting to allow the associated ports through the firewall. Make sure the appropriate ports are open: port 1723 for PPTP and port 1701 for L2TP.
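The sidebar's port check, as an added example in Python (mine, not the book's): it parses a constructed iptables-save style INPUT chain and reports which ACCEPT rules are still missing for each tunnel type. It goes beyond the page by also checking the companion protocols each tunnel carries (GRE for PPTP; IKE on UDP 500/4500 and ESP for L2TP/IPSec), which are the rules most often forgotten; the requirement table and the sample dump are my assumptions.

```python
# Added example (not from the book): audit an iptables-save style INPUT chain dump for
# the rules these tunnels need. Beyond the page's two ports, the table also lists the
# companion protocols each tunnel carries (GRE for PPTP; IKE UDP 500/4500, ESP for L2TP/IPSec).
REQUIRED = {  # (description, iptables protocol name, destination port or None for any)
    "PPTP": [("PPTP control channel", "tcp", 1723),
             ("PPTP data (GRE, IP protocol 47)", "gre", None)],
    "L2TP/IPSec": [("L2TP tunnel", "udp", 1701),
                   ("IKE", "udp", 500),
                   ("IKE NAT traversal", "udp", 4500),
                   ("ESP (IP protocol 50)", "esp", None)],
}

def parse_accepts(dump):
    """Set of (protocol, port) the INPUT chain accepts; port None = any port."""
    allowed = set()
    for line in dump.splitlines():
        tokens = line.split()
        if tokens[:2] != ["-A", "INPUT"] or "-j" not in tokens or "-p" not in tokens:
            continue
        target = tokens[tokens.index("-j") + 1:]
        if not target or target[0] != "ACCEPT":
            continue
        proto = tokens[tokens.index("-p") + 1].lower()
        port = int(tokens[tokens.index("--dport") + 1]) if "--dport" in tokens else None
        allowed.add((proto, port))
    return allowed

def missing_rules(dump, vpn_type):
    """Names of REQUIRED[vpn_type] entries that no ACCEPT rule covers."""
    allowed = parse_accepts(dump)
    return [name for name, proto, port in REQUIRED[vpn_type]
            if (proto, port) not in allowed and (proto, None) not in allowed]

# Constructed sample: PPTP control port opened but GRE forgotten; L2TP/IPSec complete.
SAMPLE_DUMP = """\
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -j DROP
"""

if __name__ == "__main__":
    for vpn in REQUIRED:
        gaps = missing_rules(SAMPLE_DUMP, vpn)
        print(f"{vpn}: {'OK' if not gaps else 'missing ' + ', '.join(gaps)}")
```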
www.syngress.com