Implementing Cisco Service Provider VPN Services - Troubleshooting L2TPv3 Tunneling Security

Troubleshooting L2TPv3 Tunneling Security

Question

A network architect is troubleshooting L2TPv3 tunneling security due to the untrusted nature of the underlying network.

Which two L2TPv3 features does the architect deploy to address the ongoing issues? (Choose two.)

Answers

A. TCP MD5 authentication
B. Control message hashing
C. CHAP authentication
D. Control message rate limiting
E. Asymmetric mutual authentication with PSK

BC.

Explanations

L2TPv3 (Layer 2 Tunneling Protocol Version 3) establishes a point-to-point L2TP tunnel over an IP network and encapsulates a range of Layer 2 protocols inside it. Because the underlying network is untrusted, the security of that tunnel is a concern for the network architect, who in this scenario is troubleshooting L2TPv3 tunneling security and needs to deploy features that address the issues.

Here are the two L2TPv3 features the architect can deploy to address the ongoing security issues:

A. TCP MD5 authentication: TCP MD5 authentication provides a means of authenticating the TCP segments exchanged between two devices. A cryptographic hash function computes a message digest over the TCP segment data together with a shared secret key; the recipient recomputes the digest with the same shared secret and compares it, which confirms that the segment was not modified in transit and that it came from a peer holding the key. By deploying TCP MD5 authentication, the architect can ensure the integrity and authenticity of L2TPv3 traffic over the untrusted network.
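The keyed-digest check described in option A is the TCP MD5 Signature Option of RFC 2385. The following is an added example, not code from the page or from Cisco, that computes and verifies that digest over a constructed segment: the digest covers the TCP pseudo-header, the fixed TCP header with its checksum zeroed, the payload, and the shared key, so a modified payload, a different key, or a spoofed source address all fail verification. The addresses, ports, payload and key are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct


def build_tcp_header(src_port, dst_port, seq, ack, flags, window):
    """Build a fixed 20-byte TCP header (data offset 5, no options, checksum 0)."""
    offset_flags = (5 << 12) | flags
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_flags, window, 0, 0)


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """RFC 2385 section 2.0: MD5 over pseudo-header, header (checksum zeroed,
    options excluded), segment data, and the shared key, in that order."""
    fixed = tcp_header[:20]
    zeroed = fixed[:16] + b"\x00\x00" + fixed[18:20]   # checksum sits at bytes 16-17
    seg_len = len(tcp_header) + len(payload)            # full TCP length incl. options
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                         0, socket.IPPROTO_TCP, seg_len)
    return hashlib.md5(pseudo + zeroed + payload + key).digest()


def verify_tcp_md5(src_ip, dst_ip, tcp_header, payload, key, received_digest):
    """Recompute the digest and compare in constant time, as the receiver would."""
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
    return hmac.compare_digest(expected, received_digest)


def demo():
    # Constructed sample values: RFC 5737 documentation addresses and a test key.
    key = b"constructed-shared-secret"
    src, dst = "192.0.2.1", "192.0.2.2"
    hdr = build_tcp_header(40000, 50000, seq=1000, ack=2000, flags=0x18, window=65535)
    payload = b"constructed control message"
    sig = tcp_md5_digest(src, dst, hdr, payload, key)
    return {
        "digest_len": len(sig),
        "valid": verify_tcp_md5(src, dst, hdr, payload, key, sig),
        # Bit-flip in the payload: integrity failure.
        "tampered_payload": verify_tcp_md5(src, dst, hdr, payload.upper(), key, sig),
        # Peer without the shared secret: authenticity failure.
        "wrong_key": verify_tcp_md5(src, dst, hdr, payload, b"other-key", sig),
        # Same bytes from a different source address: pseudo-header mismatch.
        "spoofed_source": verify_tcp_md5("198.51.100.9", dst, hdr, payload, key, sig),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The source and destination addresses are part of the signed data, which is why the option binds a segment to a specific peer pair rather than only to its contents.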

D. Control message rate limiting: Control message rate limiting is a feature that limits the number of control messages sent between the L2TPv3 tunnel endpoints. This feature can prevent denial-of-service (DoS) attacks that rely on flooding the tunnel endpoints with control messages, which can consume network resources and cause performance issues. By deploying control message rate limiting, the architect can mitigate the risk of DoS attacks and ensure the stability of the L2TPv3 tunnel.
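To show the effect option D describes, here is an added example (not code from the page or from Cisco) of a per-peer token-bucket rate limiter applied to a constructed stream of L2TP control messages. One peer behaves normally; a second peer floods SCCRQ messages. With a sustained rate of 2 messages per second and a burst of 5, the flood is cut off after its first five messages while the legitimate peer is unaffected. The peer addresses, timestamps and limits are constructed sample values.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class TokenBucket:
    """Classic token bucket: `rate` tokens/s refill, at most `burst` stored."""
    rate: float
    burst: int
    tokens: float = None
    last: float = 0.0

    def __post_init__(self):
        if self.tokens is None:
            self.tokens = float(self.burst)     # start full so normal setup is not delayed

    def allow(self, now):
        elapsed = now - self.last
        self.last = now
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


LEGIT = "192.0.2.10"        # constructed: well-behaved tunnel peer
FLOODER = "203.0.113.7"     # constructed: peer sending a control-message flood

# Constructed stream of (time_s, source_peer, control_message_type).
CONTROL_MESSAGES = sorted(
    [(0.0, LEGIT, "SCCRQ"), (0.5, LEGIT, "SCCCN"), (60.0, LEGIT, "HELLO")]
    + [(1.0 + i * 0.01, FLOODER, "SCCRQ") for i in range(20)]
)


def apply_rate_limit(messages, rate=2.0, burst=5):
    """Run every message through its peer's bucket; return per-peer counters."""
    buckets = defaultdict(lambda: TokenBucket(rate=rate, burst=burst))
    stats = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for ts, peer, _msg_type in messages:
        verdict = "allowed" if buckets[peer].allow(ts) else "dropped"
        stats[peer][verdict] += 1
    return dict(stats)


if __name__ == "__main__":
    for peer, counts in apply_rate_limit(CONTROL_MESSAGES).items():
        print(f"{peer}: {counts}")
```

Keying the bucket per source peer means one abusive endpoint exhausts only its own budget; a device would typically also apply a global limit so that many sources together cannot saturate the control plane.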

Therefore, A and D are the two L2TPv3 features that the architect can deploy to address the ongoing security issues due to the untrusted nature of the underlying network.

The other options, B, C, and E, are not relevant in this scenario. Control message hashing (B) is a feature that provides message authentication for control messages exchanged between L2TPv3 tunnel endpoints, but it does not address the security issues caused by the untrusted nature of the underlying network. CHAP authentication (C) is a protocol used for authenticating PPP connections, not L2TPv3 tunnels. Asymmetric mutual authentication with PSK (E) is a feature used for mutual authentication between the L2TPv3 tunnel endpoints, but it is not relevant in this scenario.