L2TP and IPsec

zenhound · February 2012

This is probably a dumb newb question, but I'm curious. In Darril Gibson's book (pg. 205) it says you can use L2TP to create a VPN tunnel, but that since it doesn't provide encryption you can combine it with IPsec for security.

My question is, why would you do this? Why not just implement IPsec? Does L2TP have lower overhead, either administrative or processing?

Anyway sorry if this is an idiotic question. I freely admit my newb status when it comes to these protocols.

Darril · March 2012

Good question. Why not just use IPsec instead of L2TP/IPsec? The short answer is that it often depends on the vendor solution that a company purchases. Today, many vendors are selling VPN solutions that use IPsec alone, but there are also older solutions in place and solutions using SSL.

Remote access has matured and morphed over the years. PPTP by Microsoft and L2F by Cisco were used in many early remote access solutions. The best of these two were combined into the L2TP as a non-proprietary standard and L2TP is secured with IPsec (as L2TP/IPsec). IPsec can be used alone and is popular. SSL is also becoming very popular. One of the reasons is that a simple web browser can be used, and it uses port 443.

Here's a short article by Deb Shinder you may like: Comparing VPN Options

HTH,

zenhound · March 2012

Thanks Darril! That all makes sense.

Also I'm a little in love with your book. You have a clean writing style and a way of explaining things that I find really works for me. I'm about halfway through so maybe I'll hit a wall but so far it's just great. So glad I found it via TE!

Darril · March 2012

Thanks. Glad you're enjoying the book. I'm grateful it has been helping so many people learn the material and pass the exam the first time they take it.

L2TP and IPsec

Comments