9

I am looking at different VPN protocols.

  1. L2TP does not provide encryption, so it requires IPSec to encrypt the data
  2. An IPSec tunnel provides encryption to the tunnel

What is the difference in terms of the packets that get sent through the link? Can you describe the two types?

WhiteWinterWolf
Terry
  • Does @SteveDispensa's answer match what you are after, or are you looking for detail of what you would see with a packet capture tool? – Rory Alsop Sep 14 '11 at 07:49

3 Answers

3

Those are only different in terms of administrative features; the IPsec layer, assuming it's set up correctly, provides equivalent protection in either case. When IPSec people say "tunnel mode", they don't quite mean what most network admins think of when they think of a GRE or L2TP tunnel, which is why the GRE/IPSec and L2TP/IPSec solutions are sometimes deployed.

Steve Dispensa
2

Hi

There are two different subjects:

1-Tunneling

2-Encryption

L2TP is a tunneling protocol, which means the tunnel uses capsulation and encapsulation at the ends of the tunnel, and by default data is transferred in the tunnel in plain mode (not encrypted).

============================

Hello I am plain text

============================

In the above diagram, ===== means the tunnel and "Hello I am plain text" is the data.

IPSEC

============================

hkjeu349khjkd344

============================

In the above diagram, ====== means the tunnel and "hkjeu349khjkd344" is the data encrypted using IPsec.

GRE or L2TP makes the tunnel for us, and IPsec encrypts all data in the tunnel.

Arash
2

What is the difference in terms of the packets that get sent through the link? Can you describe the two types?

Quick review of network stack:

  • Layer 3: Network (IPv4, IPv6, IPsec, BGP, RIP)
  • Layer 2: Link Layer (IEEE 802.2, L2TP, GRE)
  • Layer 1: Physical (Ethernet, WiFi)

L2TP and GRE do not perform encryption on the data they encapsulate. Anyone who can listen to data on your network can read the data inside either frame. IPSec encrypts the data it contains. The problem with IPSec is that it interferes with routing, especially if you are doing any address translation behind your router.

Note: L2TP and GRE are not really Layer 2, but it is helpful to think of them that way.

this.josh
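
Added example, not part of any answer above and not the posters' code: a small Python parser that reports what a packet capture on the link can read for bare L2TP (UDP port 1701), L2TP/IPsec (ESP transport mode around the L2TP packet) and IPsec tunnel mode (ESP around the inner IP packet). The packets are constructed samples; the `OPAQUE_*` bytes stand in for ciphertext (no real encryption is performed), the data string stands in for the PPP frame L2TP would carry, and NAT traversal (ESP wrapped in UDP 4500) is assumed not to be in use.

```python
import struct

def ipv4(proto, payload):
    """Minimal IPv4 header, documentation addresses, checksum left at 0."""
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + bytes([192, 0, 2, 1]) + bytes([198, 51, 100, 2]) + payload

def udp(port, payload):
    return struct.pack("!HHHH", port, port, 8 + len(payload), 0) + payload

def l2tp_data(tunnel_id, session_id, payload):
    """L2TPv2 data message with no optional fields (flags/version = 0x0002)."""
    return struct.pack("!HHH", 0x0002, tunnel_id, session_id) + payload

def esp(spi, seq, opaque):
    """ESP: SPI and sequence number are cleartext, everything after is ciphertext."""
    return struct.pack("!II", spi, seq) + opaque

def observer_view(pkt):
    """What an on-path capture can read from one IPv4 packet."""
    body = pkt[(pkt[0] & 0x0F) * 4:]
    if pkt[9] == 50:  # IP protocol 50 = ESP
        spi, seq = struct.unpack("!II", body[:8])
        return {"outer": "ESP", "spi": spi, "seq": seq, "readable": None}
    if pkt[9] == 17 and 1701 in struct.unpack("!HH", body[:4]):  # UDP/1701 = L2TP
        flags, = struct.unpack("!H", body[8:10])
        off = 10 + (2 if flags & 0x4000 else 0)        # skip optional Length
        tid, sid = struct.unpack("!HH", body[off:off + 4])
        off += 4 + (4 if flags & 0x0800 else 0)        # skip optional Ns/Nr
        if flags & 0x0200:                             # optional Offset Size + pad
            off += 2 + struct.unpack("!H", body[off:off + 2])[0]
        return {"outer": "L2TP", "tunnel": tid, "session": sid, "readable": body[off:]}
    return {"outer": "other", "readable": body}

# Constructed samples. OPAQUE_* stand in for ciphertext; no real encryption is done.
DATA = b"Hello I am plain text"
OPAQUE_A = bytes.fromhex("9f3c1e77a0b4d2586be1") * 4   # would hide UDP/1701 + L2TP + data
OPAQUE_B = bytes.fromhex("41d07c29e58a13f6b0c2") * 4   # would hide inner IP header + data

L2TP_ONLY = ipv4(17, udp(1701, l2tp_data(7, 1, DATA)))
L2TP_IPSEC = ipv4(50, esp(0x1001, 1, OPAQUE_A))    # ESP transport mode around L2TP
IPSEC_TUNNEL = ipv4(50, esp(0x2002, 1, OPAQUE_B))  # ESP tunnel mode around inner IP

if __name__ == "__main__":
    for name, pkt in [("L2TP only", L2TP_ONLY), ("L2TP/IPsec", L2TP_IPSEC),
                      ("IPsec tunnel", IPSEC_TUNNEL)]:
        print(f"{name:13}", observer_view(pkt))
```

On the wire, both IPsec variants show only the outer IP header, the SPI and the sequence number; the difference is what sits inside the ciphertext.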