8

I understand that you can use IPSec to tunnel data securely. According to the Wikipedia page and a few other sources it can also tunnel IP packets and then route them through an interface. That would create a VPN where one subnet would be able to access another subnet in a very secure way.

However, what I don't understand is why some people add L2TP to the stack. I get the idea that L2TP is secured by IPSEC, but if IPSEC already has a tunnel implementation wouldn't it just cause more overhead?

What is the attraction to L2TP/IPSEC when the same result can be reached with plain IPSec?

Wesley
Silverfire

1 Answer

4
  • IPSec -> Layer 3 auth and encryption
  • L2TP -> Layer 2 tunneling

From what I understand, IPSec wouldn't be carrying any Layer 2 information. That's where L2TP comes in.

TiCL
    So if you wanted to have a VPN on the same subnet you would need to have L2TP to keep things like ARP working, I think I get it now. – Silverfire Oct 08 '11 at 03:13
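
The overhead the question asks about can be put in numbers. The following is an added example, not part of the original posts, comparing bytes on the wire for plain IPsec (ESP tunnel mode) and L2TP/IPsec (ESP transport mode around UDP/L2TP/PPP). All header sizes are assumptions: IPv4 without options, AES-CBC with HMAC-SHA1-96, no NAT-T, a minimal 6-byte L2TP data header and an uncompressed 4-byte PPP header.

```python
# Added example: per-packet wire size, plain IPsec vs L2TP/IPsec.
# Every constant below is an assumed, typical value (not taken from the page).
IPV4 = 20          # outer IPv4 header, no options
ESP_HEADER = 8     # SPI (4) + sequence number (4)
AES_CBC_IV = 16    # per-packet IV for AES-CBC
AES_BLOCK = 16     # ESP payload is padded to the cipher block size
ESP_TRAILER = 2    # pad-length byte + next-header byte
ICV = 12           # HMAC-SHA1-96 integrity check value
UDP = 8            # L2TP runs over UDP port 1701
L2TP_DATA = 6      # flags/version + tunnel ID + session ID, no length/sequence
PPP = 4            # address/control (2) + protocol (2), no compression


def esp_wire_size(protected_len):
    """Size of one ESP packet protecting `protected_len` bytes of payload."""
    plaintext = protected_len + ESP_TRAILER
    padded = -(-plaintext // AES_BLOCK) * AES_BLOCK  # round up to a full block
    return IPV4 + ESP_HEADER + AES_CBC_IV + padded + ICV


def plain_ipsec(inner_ip_len):
    """ESP tunnel mode: the whole inner IP packet is the protected payload."""
    return esp_wire_size(inner_ip_len)


def l2tp_ipsec(inner_ip_len):
    """ESP transport mode protecting UDP + L2TP + PPP + the inner IP packet."""
    return esp_wire_size(UDP + L2TP_DATA + PPP + inner_ip_len)


def compare(inner_sizes):
    """Return (inner, plain, l2tp, extra) tuples for each inner packet size."""
    return [(n, plain_ipsec(n), l2tp_ipsec(n), l2tp_ipsec(n) - plain_ipsec(n))
            for n in inner_sizes]


if __name__ == "__main__":
    # Constructed sample sizes: a bare TCP ACK, a mid-size packet, a large one.
    print(f"{'inner':>6} {'IPsec':>6} {'L2TP/IPsec':>11} {'extra':>6}")
    for inner, plain, l2tp, extra in compare([40, 576, 1400]):
        print(f"{inner:>6} {plain:>6} {l2tp:>11} {extra:>6}")
```

Under these assumptions the L2TP layer costs 18 bytes before padding, which is why the tunnel MTU for L2TP/IPsec is usually set lower than for plain IPsec.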