> I want to get some collective thought on the pros and cons of using PPTP
> vs IPSec for VPNs (either site to site and remote users)
>
> Any comments would be appreciated :)
>
> regards,
>
> John Taylor
The main difference is that PPTP is a layer 2 protocol and IPSec is a layer 3 protocol suite.

PPTP can be seen as a virtual cable :) On top of this cable you can realize remote access using NAT or whatever... Authentication, integrity and confidentiality are not well protected by default (CHAP/PAP) and have to be supplemented by additional encryption methods - not contained in the standard. PPTP could run other protocols as well (layer 2 tunnel).

IPSec supports key handling mechanisms, supports certificates, strong authentication and encryption methods. You run into complications using dynamic IP addresses and NAT (usually given for remote access). (AH and NAT are not working together since AH is signing parts of the IP header as well. You can go around this by packing the IPSec packets into a new (UDP) packet for example. ESP could only be used in tunnel mode - your packet gets another IP header with an "outer" address.)

I think you could combine both!?

There are several other complications regarding some constellations with IKE key exchange modes (main and aggressive mode), preshared keys, dynamic IP addresses and so on. I have problems understanding this completely :-)) It is confusing ...

bye,
Erik

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
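The AH/NAT point made in the reply above, as an added example that is not part of the original post: a simplified Python model of why an AH integrity check survives ordinary routing but fails after NAT, while an ESP-style check that does not cover the outer IP header is unaffected. Assumptions: HMAC-SHA1-96 as the integrity algorithm, a constructed key, payload and documentation-range addresses, and an ICV input reduced to the IPv4 header plus payload (the AH/ESP headers' own fields are left out).

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not from the post

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a 20-byte IPv4 header (checksum left at 0; AH ignores it anyway)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(hdr):
    """AH zeroes fields routers may change: TOS, flags/offset, TTL, checksum."""
    b = bytearray(hdr)
    b[1] = 0
    b[6:8] = b"\x00\x00"
    b[8] = 0
    b[10:12] = b"\x00\x00"
    return bytes(b)

def ah_icv(hdr, payload):
    """AH-style ICV: covers the immutable IP header fields AND the payload."""
    return hmac.new(KEY, zero_mutable(hdr) + payload, hashlib.sha1).digest()[:12]

def esp_icv(_outer_hdr, payload):
    """ESP-style ICV: the outer IP header is deliberately not part of the input."""
    return hmac.new(KEY, payload, hashlib.sha1).digest()[:12]

def forward(hdr, new_src=None):
    """Decrement TTL like any router; rewrite the source address if NAT applies."""
    b = bytearray(hdr)
    b[8] -= 1
    if new_src is not None:
        b[12:16] = socket.inet_aton(new_src)
    return bytes(b)

def demo():
    payload = b"constructed payload"                     # constructed sample data
    hdr = ipv4_header("192.168.1.10", "203.0.113.5", 51, len(payload))
    ah, esp = ah_icv(hdr, payload), esp_icv(hdr, payload)
    routed = forward(hdr)                                # TTL change only
    natted = forward(hdr, new_src="198.51.100.7")        # NAT rewrites source
    return {
        "ah_ok_after_routing": hmac.compare_digest(ah, ah_icv(routed, payload)),
        "ah_ok_after_nat": hmac.compare_digest(ah, ah_icv(natted, payload)),
        "esp_ok_after_nat": hmac.compare_digest(esp, esp_icv(natted, payload)),
    }

if __name__ == "__main__":
    print(demo())
```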
