|
Home > Archive > 70-216 > March 2003 > Packets
| me? I dunno... 2003-02-26, 12:50 am |
| I guess I need to know packets inside and out for this one?
Does anybody know where the best place is to get learning tools for packets, or have a strategy for familiarizing themselves with packets as quickly as possible? | |
| andrewbishop 2003-02-26, 7:07 am |
| You don't really need to know much about the internals of a packet. The only things that you need to know are how PPTP and IPsec affect the makeup of a packet and how NAT and ICS change the headers. The real nitty-gritty of packets is not really covered. | |
| jeff_j_black 2003-02-26, 8:24 am |
| IP security is based on the network layer.
Briefly review the OSI network layer model.
The Transport layer segments data, the Network layer puts that data in packets, the Data Link layer puts the data in frames that fit on the Physical layer.
IP security works on the Network layer, by manipulating the Network header information of the packet. It is kind of like building a tunnel through the public network, using a mathematically contrived means.
For the exam and even most day-to-day use of PPTP and L2TP, you won't be dissecting packet headers, just understand the ideas surrounding the technology.
This is the reason that NAT and L2TP don't get along, they both manipulate the packet header. | |
| me? I dunno... 2003-02-28, 2:04 pm |
| andrewbishop, jeff_j_black,
Thanks, much reading to do yet, just trying to determine major focal points. | |
| me? I dunno... 2003-03-03, 5:54 pm |
| quote: This is the reason that NAT and L2TP don't get along, they both manipulate the packet header.
Would that be overcome by DMZ design? | |
| jeff_j_black 2003-03-04, 1:42 pm |
| You are still not going to be able to pass L2TP through NAT. Essentially L2TP surrounds the original packet, including adding its own header, with information that drives authenticated packets and encrypted packets.
NAT strips the original header from packets, to change public addressing in the header to private addressing. This is why L2TP won't work with NAT: NAT tries to remove the L2TP header, which is needed to authenticate and/or decrypt the packet.
PPTP will pass as only the data portion of the packet is encrypted, not the entire packet as in L2TP. So NAT can work with the address information in the header of a PPTP packet without upsetting the encrypted data. |
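
The header conflict discussed in the posts above, as an added example that is not part of the original thread: a simplified model in which an integrity value covers the IP header (the way IPsec AH covers the addresses) versus only the payload, followed by a NAT-style source rewrite. HMAC-SHA256 with a constructed key stands in for the negotiated integrity algorithm, the addresses are documentation ranges, and L2TP encapsulation and encryption are not modelled.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed secret, stands in for a negotiated key
FMT = "!BBHHHBBH4s4s"          # 20-byte IPv4 header without options


def ipv4_checksum(header: bytes) -> int:  # one's-complement header checksum
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: str, dst: str, payload_len: int) -> bytes:
    """Build an IPv4 header (TTL 64, protocol 51 = AH) with a valid checksum."""
    f = [0x45, 0, 20 + payload_len, 0, 0, 64, 51, 0,
         socket.inet_aton(src), socket.inet_aton(dst)]
    f[7] = ipv4_checksum(struct.pack(FMT, *f))
    return struct.pack(FMT, *f)


def icv(header: bytes, payload: bytes, cover_header: bool) -> bytes:
    """Integrity value over the payload, optionally also over the header."""
    data = payload
    if cover_header:
        f = list(struct.unpack(FMT, header))
        f[1] = f[4] = f[5] = f[7] = 0  # zero in-transit fields: TOS, flags/offset, TTL, checksum
        data = struct.pack(FMT, *f) + payload  # addresses remain covered
    return hmac.new(KEY, data, hashlib.sha256).digest()


def nat_rewrite_source(header: bytes, new_src: str) -> bytes:
    """What a NAT device does: replace the source address, then fix the checksum."""
    f = list(struct.unpack(FMT, header))
    f[7], f[8] = 0, socket.inet_aton(new_src)
    f[7] = ipv4_checksum(struct.pack(FMT, *f))
    return struct.pack(FMT, *f)


def survives_nat(cover_header: bool) -> bool:
    """Sender computes the value, NAT rewrites the source, receiver verifies."""
    payload = b"constructed tunnel payload"
    sent = build_header("192.168.1.10", "203.0.113.5", len(payload))
    tag = icv(sent, payload, cover_header)
    received = nat_rewrite_source(sent, "198.51.100.7")
    return hmac.compare_digest(tag, icv(received, payload, cover_header))
```

`survives_nat(True)` fails verification because the rewritten source address is part of the protected data, while `survives_nat(False)` passes because the rewrite touches nothing the check covers.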