
3.6.2.3 IPsec SA
This page displays the information of the IPsec SA (Security Association).
Choose the menu VPN→IPsec→IPsec SA to load the following page.
Figure 3-66 IPsec SA
Figure 3-66 displays the connection status of the No. 1 entry in the List of IPsec Policy in Figure 3-64. As shown in the figure, the Router is using WAN2 for the tunnel connection; the IP address of WAN2 is 172.30.70.151 and the default gateway of the remote peer is 172.30.70.161. The security protocol and other parameters of the IPsec tunnel should be configured the same on this Router and on the remote router.
Because a Security Association is unidirectional, an incoming SA and an outgoing SA are created to protect the data flows of each tunnel once the IPsec tunnel is successfully established. The incoming SPI value and the outgoing SPI value are different. However, the incoming SPI value must match the outgoing SPI value at the other end of the tunnel, and vice versa. The connection status on the remote endpoint of this tunnel is shown in the following figure. The SPI value is obtained via
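The SPI pairing rule described above can be checked mechanically when SA listings from both ends of a tunnel are available. The following is an added example, not part of the original manual or the Router's firmware: the SA record layout and the SPI values are constructed for illustration, and only the two addresses are taken from Figure 3-66.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SA:
    direction: str  # "in" or "out", from the view of the endpoint holding the SA
    spi: int
    local: str      # tunnel address of the endpoint holding the SA
    remote: str     # tunnel address of its peer

def check_spi_pairing(side_a, side_b):
    """Return a list of pairing problems; an empty list means every SA pairs up."""
    problems = []
    for sender, receiver, s_name, r_name in ((side_a, side_b, "A", "B"),
                                             (side_b, side_a, "B", "A")):
        # Normalise both views to (sender address, receiver address, SPI).
        out = {(sa.local, sa.remote, sa.spi) for sa in sender if sa.direction == "out"}
        inc = {(sa.remote, sa.local, sa.spi) for sa in receiver if sa.direction == "in"}
        for src, dst, spi in sorted(out - inc):
            problems.append(f"{s_name} sends {src}->{dst} with SPI {spi:#010x}, "
                            f"but {r_name} has no incoming SA for it")
        for src, dst, spi in sorted(inc - out):
            problems.append(f"{r_name} expects SPI {spi:#010x} on {src}->{dst}, "
                            f"but {s_name} has no outgoing SA for it")
    return problems

# Constructed sample data: addresses from Figure 3-66, SPI values invented.
WAN2, PEER = "172.30.70.151", "172.30.70.161"
ROUTER_SAS = [SA("out", 0x1A2B3C4D, WAN2, PEER), SA("in", 0x5E6F7081, WAN2, PEER)]
PEER_SAS_OK = [SA("in", 0x1A2B3C4D, PEER, WAN2), SA("out", 0x5E6F7081, PEER, WAN2)]
# The peer holds a different outgoing SA (for example after a one-sided rekey).
PEER_SAS_STALE = [SA("in", 0x1A2B3C4D, PEER, WAN2), SA("out", 0x0BADF00D, PEER, WAN2)]

if __name__ == "__main__":
    for label, peer in (("healthy", PEER_SAS_OK), ("stale", PEER_SAS_STALE)):
        print(label, check_spi_pairing(ROUTER_SAS, peer) or "all SAs paired")
```

A non-empty result means one end is sending with an SPI the other end has no incoming SA for, so the receiver will drop that traffic even though both pages may show the tunnel as established.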
3.6.3 L2TP/PPTP
Layer 2 VPN tunneling protocol consists of L2TP (Layer 2 Tunneling Protocol) and PPTP (Point to Point Tunneling Protocol).
Both L2TP and PPTP encapsulate packets and add an extra header to each packet by using PPP (Point to Point Protocol). The following table shows the differences between L2TP and PPTP.
Protocol | Media | Tunnel | Length of Header | Authentication |
PPTP | IP network | Single tunnel | 6 bytes at least | Not supported |
L2TP | IP network of UDP, frame relay virtual circuit, X.25 virtual circuit | Multiple tunnels | 4 bytes at least | Supported |