L2Sec
Virtual Private Network
Layer 2 Security (L2Sec) (RFC 2716), that is SSL over L2TP, together with IPSec over L2TP, represents a hybrid alternative to pure Layer 2 and Layer 3 tunneling. L2Sec was developed by NCP at a time when IPSec was still "in discussion". The technology is accordingly mature and has proven itself in large VPN projects. L2Sec is the consistent, progressive development of the standardized Layer 2 tunneling process, adding implemented security features for:
- Dynamic Encryption
- Strong Authentication
To give L2Sec dynamic encryption and strong user authentication with smartcards or software certificates, the Layer 2 tunneling itself was left unchanged; instead we extended the PPP protocol to include the Secure Sockets Layer Handshake Protocol (SSL v3.0). The security features are implemented in the PPP negotiation. For the user this means End-to-End security between VPN client and VPN gateway, with any number of switched routers in between.
In contrast with IPSec over L2TP, the security process on Layer 2 has a unique advantage for companies not yet working with IP-capable applications: an integrated, optional bridging function that transmits NetBIOS and SNA data, as well as other Layer 2 protocols, natively over IP networks. In addition, the administration and configuration overhead is reduced and performance is increased.
Diagram of SSL over L2TP or L2Sec.
The PPP negotiation starts as soon as a connection to the central system is established. The connection can be an ISDN B-channel, a modem link, or a VPN tunnel. If the PPP negotiation proceeds with SSL in conjunction with a Layer 2 tunnel, the entire process is encrypted according to the RSA standard. This is how a secure End-to-End tunnel is generated.
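The layering described above (an unchanged L2TP data message carrying a standard PPP frame, with the security negotiation living inside PPP's own setup phase) can be made concrete with a small builder and parser for the RFC 2661 data-message header and the PPP protocol field. This is an added example written for this page, not NCP's code: it uses only Python's standard library, the sample frames are constructed, the protocol numbers come from RFC 1661 and the IANA PPP registry, and the SSL handshake itself is not modelled; the `is_negotiation` helper merely flags the LCP/PAP/CHAP/EAP phase in which such a handshake would be carried.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# PPP protocol numbers (RFC 1661 / IANA) for link setup, authentication and
# the first network-layer payload.
PPP_PROTOCOLS = {0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP",
                 0xC227: "EAP", 0x8021: "IPCP", 0x0021: "IPv4"}
NEGOTIATION_PROTOCOLS = {0xC021, 0xC023, 0xC223, 0xC227}

# L2TPv2 header bits (RFC 2661, section 3.1).
L2TP_VERSION = 2
FLAG_T = 0x8000  # 1 = control message, 0 = data message carrying PPP
FLAG_L = 0x4000  # Length field present
FLAG_S = 0x0800  # Ns/Nr sequence numbers present
FLAG_O = 0x0200  # Offset Size field present


@dataclass
class L2tpPppFrame:
    tunnel_id: int
    session_id: int
    ns: Optional[int]
    nr: Optional[int]
    ppp_protocol: int
    ppp_protocol_name: str
    ppp_information: bytes

    def is_negotiation(self) -> bool:
        """True for PPP link-setup/authentication frames, the phase in which
        an L2Sec-style handshake would be carried (assumption for this model)."""
        return self.ppp_protocol in NEGOTIATION_PROTOCOLS


def build_ppp_frame(protocol: int, information: bytes, hdlc: bool = True) -> bytes:
    """PPP frame: optional HDLC address/control 0xFF 0x03, 16-bit protocol, data."""
    return (b"\xff\x03" if hdlc else b"") + struct.pack("!H", protocol) + information


def build_l2tp_data(tunnel_id: int, session_id: int, ppp_frame: bytes,
                    ns_nr: Optional[Tuple[int, int]] = None) -> bytes:
    """L2TPv2 data message with the Length field set and optional Ns/Nr."""
    flags = FLAG_L | L2TP_VERSION
    body = struct.pack("!HH", tunnel_id, session_id)
    if ns_nr is not None:
        flags |= FLAG_S
        body += struct.pack("!HH", *ns_nr)
    length = 4 + len(body) + len(ppp_frame)  # flags(2) + length(2) + rest
    return struct.pack("!HH", flags, length) + body + ppp_frame


def _need(buf: bytes, pos: int, n: int) -> None:
    if len(buf) - pos < n:
        raise ValueError(f"truncated datagram: need {n} bytes at offset {pos}")


def parse_l2tp_data(datagram: bytes) -> L2tpPppFrame:
    """Parse an L2TPv2 data message down to the PPP protocol field, rejecting
    control messages, wrong versions and headers that overrun the datagram."""
    _need(datagram, 0, 2)
    flags = struct.unpack_from("!H", datagram, 0)[0]
    pos, end = 2, len(datagram)
    if (flags & 0x000F) != L2TP_VERSION:
        raise ValueError("not an L2TPv2 message")
    if flags & FLAG_T:
        raise ValueError("control message, not a PPP data message")
    if flags & FLAG_L:
        _need(datagram, pos, 2)
        end = struct.unpack_from("!H", datagram, pos)[0]
        pos += 2
        if end > len(datagram):
            raise ValueError("Length field exceeds datagram size")
    _need(datagram, pos, 4)
    tunnel_id, session_id = struct.unpack_from("!HH", datagram, pos)
    pos += 4
    ns = nr = None
    if flags & FLAG_S:
        _need(datagram, pos, 4)
        ns, nr = struct.unpack_from("!HH", datagram, pos)
        pos += 4
    if flags & FLAG_O:
        _need(datagram, pos, 2)
        pos += 2 + struct.unpack_from("!H", datagram, pos)[0]  # skip announced padding
    if pos > end:
        raise ValueError("header runs past declared length")
    payload = datagram[pos:end]
    if payload[:2] == b"\xff\x03":  # HDLC address/control unless compressed away
        payload = payload[2:]
    if not payload:
        raise ValueError("empty PPP payload")
    if payload[0] & 1:  # Protocol-Field-Compression: odd first byte = 1-byte protocol
        protocol, information = payload[0], payload[1:]
    else:
        _need(payload, 0, 2)
        protocol, information = struct.unpack_from("!H", payload)[0], payload[2:]
    return L2tpPppFrame(tunnel_id, session_id, ns, nr, protocol,
                        PPP_PROTOCOLS.get(protocol, "unknown"), information)


if __name__ == "__main__":
    # Constructed sample: LCP Configure-Request (code 1, id 1, length 4) in
    # L2TP tunnel 7 / session 9, as the negotiation phase would carry it.
    frame = build_ppp_frame(0xC021, b"\x01\x01\x00\x04")
    parsed = parse_l2tp_data(build_l2tp_data(7, 9, frame, ns_nr=(0, 0)))
    print(parsed, "negotiation:", parsed.is_negotiation())
```

The point for a defender is where each check sits: the L2TP layer is validated purely structurally (version, message type, declared length against the datagram), while everything security-relevant happens one layer up, inside the PPP protocol that the tunnel carries unchanged; an L2Sec gateway would apply the SSL-protected negotiation on exactly those frames the helper flags as negotiation traffic.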
L2Sec is an integral part of the Advanced Security Module in the NCP security management.