Shulou(Shulou.com)06/03 Report--

This article introduces the relevant knowledge of "the specific usage of tunnel agent". In the operation of actual cases, many people will encounter such a dilemma. Next, let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

1. User confirmation.

Layer 2 tunneling protocol inherits the method of user authentication of PPP protocol. Many layer 3 tunneling techniques assume that the two endpoints of the tunnel are known to each other or have been verified before the tunnel is created. The ISAKMP negotiation of the IPSec protocol provides mutual authentication between tunnel endpoints, which is an exception.

2. Token card (card) support.

Using the extended authentication protocol (EAP), the layer 2 tunneling protocol can support a variety of authentication methods, including one-time password (one-timepassword), encryption calculator (cryptographiccalculator), smart card and so on. Layer 3 tunneling protocols also support the use of similar methods. For example, the IPSec protocol can determine the validity of public key certificates through ISAKMP/Oakley negotiation.

3. Dynamically assign addresses.

Layer 2 tunneling protocol supports dynamic allocation of user addresses based on the negotiation mechanism of Network Control Protocol (NCP). Layer 3 tunneling protocols usually assume that addresses are assigned before the tunnel is established. The address allocation mechanism in the current IPSec tunnel mode remains to be improved.

4. Data compression. The second-level tunnel protocol supports data compression based on PPP mode.

Microsoft's PPTP and L2TP, for example, use Microsoft's (MPPE) peer-to-peer encryption protocol. In the layer 3 tunneling protocol, IETP also uses a similar data compression mechanism.

5. Data encryption.

Layer 2 tunneling protocol supports PPP-based encryption mechanism. Microsoft's PPTP scheme supports MPPE selection based on the RSA/RC4 algorithm. Layer 3 tunneling protocols can use similar methods, for example, IPSec determines some optional data encryption methods through ISAKMP/Oakley negotiation. The L2TP protocol uses Microsoft's IPSec encryption technology to protect data flow between tunnel clients and servers.

6. Key management.

MPPE is a layer 2 protocol that relies on the key generated during user authentication and is updated periodically. During the ISAKMP exchange, the IPSec publicly negotiates the public key and updates it periodically.

7. Multi-protocol support.

Layer 2 tunneling protocol supports multiple payload data protocols, so tunnel users can access multiple protocols, such as IP, IPX, NetBEUI and other enterprise networks. Layer 3 tunneling protocols such as IPSec tunnel mode can only support target networks using IP protocol.

This is the end of the content of "specific usage of Tunnel Agent". Thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.