PPTP is not in itself a security solution, but is a method of encapsulating network traffic (IP or other protocols such as AppleTalk) in a stream so that it can be routed with other TCP traffic, but it acts like a level 1 PPP connection to the servers at each end, so other mechanisms, including IPSec, can then be used to secure it. It does use Point to Point Protocol (PPP) authentication, just as dial up internet links do.

IPSec operates at a logically higher level in the stack (although actually they both use IP protocols at the transport layer, GRE for PPTP and AH or ESP for IPSec), between the network and transport layers, and allows standard TCP/IP to be tunnelled over it but not other network protocols. It handles the authentication and encryption of traffic between the end points itself, negotiated between endpoints with the IKE protocol (UDP/500).

PPTP, as a transparent service, can be handled by transport level networking rules (for firewalls, routers etc.) but it also requires manual set-up of the end points. IPSec, as a lower level protocol, needs special handling at interfaces (making difficulties with NAT for instance), but it can handle its own tunnel set-up. Once the gateways have established IPSec tunnels, the hosts at either end don't normally need to worry about the tunnel.
So the difference is that PPTP is purely a tunnelling protocol; security is handled underneath it, so there has to be agreement by both ends as to what parameters are to be used. It is not a standard. The IETF RFC 2637 is informational only.

IPSec is more security oriented and connection oriented. It can use a third party PKI CA to handle keys. It is a full Internet standard (and built in to IPv6), but it can only handle TCP/IP traffic.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Football Talking
Sent: Sun April 14 2002 19:48
To: [EMAIL PROTECTED]
Subject: IPSEC Vs PPTP

I want to get some collective thought on the pros and cons of using PPTP Vs IPSec for VPNs (either site to site and remote users).

Any comments would be appreciated : )

regards,
John Taylor

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
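The protocol split described in the reply above (GRE for PPTP, AH or ESP for IPSec, IKE on UDP/500), as an added example that is not part of the original thread: a classifier a firewall administrator could run over captured IPv4 packets to see which tunnel traffic carries port numbers and which does not, the property behind the NAT difficulty mentioned. The function names and sample packets are constructed for illustration; the GRE version 1 / type 0x880B check and TCP port 1723 are taken from RFC 2637, not from the message.

```python
import struct

GRE, ESP, AH, UDP, TCP = 47, 50, 51, 17, 6  # IP protocol numbers

def classify(packet: bytes):
    """Return (label, has_ports) for one raw IPv4 packet.

    has_ports is False for protocols that carry no TCP/UDP port numbers,
    so a port-translating NAT has nothing to multiplex on.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated packet")
    proto = packet[9]
    # First two 16-bit words of the payload: ports for TCP/UDP,
    # flags+version and protocol type for GRE.
    first, second = struct.unpack("!HH", packet[ihl:ihl + 4])
    if proto == GRE:
        # RFC 2637 (not the message): PPTP uses GRE version 1, type 0x880B.
        if first & 0x7 == 1 and second == 0x880B:
            return "PPTP data (PPP in GRE)", False
        return "GRE, not PPTP", False
    if proto == ESP:
        return "IPSec ESP", False
    if proto == AH:
        return "IPSec AH", False
    if proto == UDP and 500 in (first, second):
        return "IKE (UDP/500)", True
    if proto == TCP and 1723 in (first, second):  # RFC 2637 control port
        return "PPTP control (TCP/1723)", True
    return "other", proto in (UDP, TCP)

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet for the constructed samples below."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 7])) + payload

# Constructed sample packets (documentation addresses, zero checksums).
SAMPLES = {
    "pptp_data": ipv4(GRE, struct.pack("!HHHHI", 0x3001, 0x880B, 0, 1, 0)),
    "plain_gre": ipv4(GRE, struct.pack("!HH", 0x0000, 0x0800)),
    "esp": ipv4(ESP, struct.pack("!II", 0x1000, 1)),
    "ah": ipv4(AH, struct.pack("!BBHII", 4, 4, 0, 0x2000, 1)),
    "ike": ipv4(UDP, struct.pack("!HHHH", 500, 500, 8, 0)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        label, has_ports = classify(pkt)
        print(f"{name:10} {label:26} ports for NAT: {has_ports}")
```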
