1

My guess is that with IPSec/IKEv1, since it doesn't support NAT, you either have to manually configure routes from your machine, or use a layer 2 tunnel (such as L2TP) to talk with devices on the network you're connecting to. With IKEv2 it supports NAT, therefore no layer 2 tunneling / routing is required (apart from a one-time configuration by an administrator on the VPN gateway).

chirond

1 Answer

2

Found this question here: https://superuser.com/questions/737046/ipsec-with-or-without-l2tp

IPsec has been developed for IPv6, which does not know NAT anymore, and using IPsec for IPv4 has always been some kind of hack. Not having NAT for the so-called road warriors using IPv4 was a no-go. The only way to get it working in the '90s was to use L2TP, because L2TP works on top of UDP and NAT is possible.

My understanding is then this:

  • L2TP is used with IKEv1 for the 'road warriors' / people needing to connect remotely to a network. It bypasses the limitation of IKEv1 not having NAT, or requiring the client to configure their own routing table to talk to clients on the remote network.

  • IKEv2 supports NAT which enables the remote worker to talk to clients on the remote network, therefore L2TP isn't required. IKEv2 also has many other advantages.

    • L2TP probably isn't used for site-to-site VPNs, or for transport mode as routing tables are set up by administrators, or the communications are happening internally.

    • L2TP isn't used by itself since there's no encryption, so IPSec is secured to a gateway (with IKEv1), then L2TP takes over at the gateway through the IPSec connection to talk within the network.

    • You could technically use L2TP with IKEv2, it just isn't required. It would also have a performance impact, and probably other drawbacks, with no benefit.

chirond
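The answer's core point is that a NAT device needs something to rewrite, and an L2TP-over-IPsec packet carries UDP ports while a bare ESP packet does not. The following Python model, added here as an illustration and not part of the original question or answer, builds the header chains for the encapsulations discussed (L2TP/IPsec and IKEv2 tunnel mode, each with and without UDP encapsulation on port 4500) and runs them through a minimal port-based NAT. The header sizes are simplified constants chosen for this example (real ESP overhead depends on the cipher, IV and padding), and the private/public addresses are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Simplified per-header sizes in bytes (constructed for this example; real ESP
# overhead varies with cipher, IV length and padding).
HEADER_BYTES = {
    "IPv4": 20,
    "UDP": 8,
    "ESP": 30,   # 8 (SPI+seq) + 8 (IV) + 2 (pad len + next header) + 12 (ICV)
    "L2TP": 8,   # L2TP data message header without optional fields
    "PPP": 2,    # PPP protocol field
}

# Header chains, outermost header first; the final "IPv4" is the user's packet.
STACKS = {
    "l2tp_ipsec_natt":    ("IPv4", "UDP", "ESP", "UDP", "L2TP", "PPP", "IPv4"),  # outer UDP/4500, inner UDP/1701
    "l2tp_ipsec_raw_esp": ("IPv4", "ESP", "UDP", "L2TP", "PPP", "IPv4"),
    "ikev2_tunnel_natt":  ("IPv4", "UDP", "ESP", "IPv4"),                        # UDP/4500, ESP in tunnel mode
    "ikev2_tunnel_raw_esp": ("IPv4", "ESP", "IPv4"),
}


@dataclass
class Packet:
    stack: Tuple[str, ...]
    src_ip: str
    src_port: Optional[int]  # None when the header after the outer IP has no ports (raw ESP)


def build_packet(stack_name: str, src_ip: str) -> Packet:
    """Build a packet for one encapsulation. Only a UDP header directly under the
    outer IP gives the NAT a port to work with; raw ESP (IP protocol 50) has none."""
    stack = STACKS[stack_name]
    port = 4500 if stack[1] == "UDP" else None
    return Packet(stack, src_ip, port)


def overhead(stack_name: str) -> int:
    """Bytes of encapsulation added outside the innermost IPv4 packet."""
    return sum(HEADER_BYTES[h] for h in STACKS[stack_name][:-1])


class PortNat:
    """Minimal port-based NAT: maps (private ip, port) to (public ip, public port).
    Packets with no transport port cannot be entered into the table."""

    def __init__(self, public_ip: str) -> None:
        self.public_ip = public_ip
        self.table: Dict[Tuple[str, int], int] = {}
        self.next_port = 40000

    def translate(self, pkt: Packet) -> Optional[Tuple[str, int]]:
        if pkt.src_port is None:
            return None  # nothing to rewrite: two hosts sending raw ESP look identical
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        return (self.public_ip, self.table[key])


def nat_report(stack_name: str) -> Dict[str, object]:
    """Run two constructed private hosts through one NAT for the given encapsulation."""
    nat = PortNat("203.0.113.10")  # constructed public address (documentation range)
    a = nat.translate(build_packet(stack_name, "192.168.1.20"))
    b = nat.translate(build_packet(stack_name, "192.168.1.21"))
    return {
        "overhead_bytes": overhead(stack_name),
        "translatable": a is not None and b is not None,
        "distinct_mappings": a is not None and b is not None and a != b,
    }


if __name__ == "__main__":
    for name in STACKS:
        print(f"{name:22s} {nat_report(name)}")
```

Running it shows that both NAT-traversing variants get distinct port mappings for two hosts behind one NAT, that the raw ESP variants cannot be translated at all, and that the L2TP/IPsec chain costs 18 extra bytes per packet over IKEv2 tunnel mode (the inner UDP, L2TP and PPP headers), which is the performance cost the answer alludes to.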