3.1.3.1 Securing L2TP with IPsec

The L2TP per-packet security check is specified in section 3.3 of [RFC3193]. The LAC/LNS MAY verify the UDP port value in the packet that is received with the socket information that is used to set up the L2TP tunnel.

Section 4 of [RFC3193] specifies IPsec filtering details when protecting L2TP.

Section 4.2.3 of [RFC3193] specifies how a responder chooses a new address, if it is capable of doing so. The responder MUST NOT choose a new IP address during L2TP negotiation. The client SHOULD disconnect the session when it receives a StopCCN message. It SHOULD NOT check the result code or the error code.

Section 2 of [RFC3193] specifies the L2TP security requirements.

Section 4.2.2 of [RFC3193] specifies filters for protecting L2TP.

Section 5.1.4 of [RFC3193] specifies usage of pre-shared keys.