The following excerpt is from Chapter 7 of the free e-book "The tips and tricks guide to securing Windows Server 2003" written by Roberta Bragg and available at Realtimepublishers.com. Click for the complete book excerpt series.
Layer 2 Tunneling Protocol/IPSec
If this combination is chosen for the VPN, Layer 2 Tunneling Protocol/IPSec (L2TP) uses IPSec for data encryption. (L2TP/IPSec is usually pronounced as L2TP over IPSec.) The L2TP encapsulation, like PPTP, works with a PPP frame but provides two layers of encapsulation. First, the PPP frame is wrapped with an L2TP header and a UDP header. Next, this message is wrapped with an IPSec header and trailer, an IPSec Authentication trailer (for message integrity and authentication) and finally, an IP header. Figure 7.26 illustrates this design. The IP header includes the source and destination address of the client and server.
Figure 7.26: L2TP/IPSEc encapsulation and encryption.
As you can see, the entire message, exclusive of the IPSec header and trailer and the final IP header is encrypted. DES or 3DES is the encryption algorithm used.
Click for the next excerpt in this series: L2TP over IPSec and NAT -- NAT Traversal.