4

IPsec facilitates encryption and authentication with ESP. With tunnel mode, IPsec also provides tunnelling. More importantly, one can use IPsec in tunnel mode along with transport mode (i.e. encapsulate one over the other).

Hence, IPsec is enough for:

  • Authentication
  • Confidentiality
  • Integrity

The Layer Two Tunnelling Protocol (L2TP), by contrast, is meant only for tunnelling. For encryption, it uses IPsec.

My question is: why does IPsec have to support L2TP (kind of self-respect), when IPsec is capable of both encryption and tunnelling?

Ajay

1 Answer

5

It depends what kind of tunnel you want.

IPsec can create a tunnel working at the IP level for you. This means your tunnel will encapsulate IP packets; it can also be seen as a router or a layer 3 tunnel.

But you may want to have a layer 2 tunnel, a bridge, working at Ethernet or another physical/liaison protocol. In this case you'll need L2TP, and IPsec if you want confidentiality too, because L2TP doesn't do encryption, as you said.

Romain Clair
  • Thanks! Are you saying that IPsec works on the network layer, but L2TP works at the data-link layer? – Ajay Dec 19 '15 at 16:26
  • It's more a question of what's on the tunneling protocol. With IPsec you can transport IP; with L2TP, you can transport a data-link protocol. – Romain Clair Dec 19 '15 at 16:29
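
The layer 3 versus layer 2 distinction discussed above can be read off an ESP packet once it is decrypted. The following is an added example, not part of the original question or answer: it inspects the ESP trailer's Next Header field (RFC 4303) and, for L2TP, skips the L2TPv2 header to reach the carried frame. It assumes L2TPv2 carrying PPP over UDP port 1701 (RFC 2661); the function names and all sample bytes are constructed for illustration.

```python
import struct

L2TP_PORT = 1701  # UDP port registered for L2TP (RFC 2661)

def esp_inner(plaintext: bytes):
    """Split decrypted ESP plaintext into (next_header, payload) via the RFC 4303 trailer."""
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len > len(plaintext) - 2:
        raise ValueError("pad length exceeds ESP payload")
    return next_header, plaintext[:len(plaintext) - 2 - pad_len]

def l2tp_data_payload(msg: bytes) -> bytes:
    """Skip the variable-length L2TPv2 header and return the carried frame."""
    (flags,) = struct.unpack_from("!H", msg, 0)
    if flags & 0x8000 or flags & 0x000F != 2:
        raise ValueError("not an L2TPv2 data message")
    off = 2 + (2 if flags & 0x4000 else 0) + 4   # flags, optional Length, tunnel/session IDs
    if flags & 0x0800:                            # S bit: Ns and Nr present
        off += 4
    if flags & 0x0200:                            # O bit: Offset Size plus offset padding
        off += 2 + struct.unpack_from("!H", msg, off)[0]
    return msg[off:]

def classify(plaintext: bytes) -> str:
    """Say what the ESP packet tunnels, judged from Next Header and the inner headers."""
    next_header, inner = esp_inner(plaintext)
    if next_header in (4, 41):                    # IPv4 / IPv6 inside ESP: tunnel mode
        return "layer-3 tunnel: inner IP packet"
    if next_header == 17 and len(inner) >= 8:     # UDP inside ESP: transport mode
        sport, dport, length, _ = struct.unpack_from("!HHHH", inner, 0)
        if L2TP_PORT in (sport, dport):
            frame = l2tp_data_payload(inner[8:length])
            if frame[:2] == b"\xff\x03":          # optional PPP address/control bytes
                frame = frame[2:]
            return "layer-2 tunnel: PPP frame, protocol 0x%04x" % struct.unpack_from("!H", frame, 0)
    return "transport mode: IP protocol %d" % next_header

def esp_plaintext(payload: bytes, next_header: int) -> bytes:
    """Build constructed sample plaintext: payload, padding to 4 bytes, ESP trailer."""
    pad = -(len(payload) + 2) % 4
    return payload + bytes(range(1, pad + 1)) + bytes([pad, next_header])

# Constructed samples (checksums zeroed, addresses and IDs arbitrary).
INNER_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
PPP = b"\xff\x03\x00\x21" + INNER_IP             # PPP protocol 0x0021 = IPv4
L2TP = struct.pack("!HHHH", 0x4002, 8 + len(PPP), 1, 1) + PPP
UDP = struct.pack("!HHHH", L2TP_PORT, L2TP_PORT, 8 + len(L2TP), 0) + L2TP

if __name__ == "__main__":
    print(classify(esp_plaintext(INNER_IP, 4)))
    print(classify(esp_plaintext(UDP, 17)))
```

In the second sample the same IP packet travels inside a PPP frame, so the tunnel endpoint receives a layer-2 frame rather than a bare IP packet.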