Layer 2 Tunneling Protocol/IPSec

This excerpt from the e-book "The tips and tricks guide to securing Windows Server 2003" describes how L2TP encapsulation works with a PPP frame and provides two layers of encapsulation.

The following excerpt is from Chapter 7 of the free e-book "The tips and tricks guide to securing Windows Server 2003" written by Roberta Bragg and available at Click for the complete book excerpt series.


Layer 2 Tunneling Protocol/IPSec

If this combination is chosen for the VPN, Layer 2 Tunneling Protocol (L2TP) uses IPSec for data encryption. (L2TP/IPSec is usually pronounced as L2TP over IPSec.) The L2TP encapsulation, like PPTP, works with a PPP frame but provides two layers of encapsulation. First, the PPP frame is wrapped with an L2TP header and a UDP header. Next, this message is wrapped with an IPSec header and trailer, an IPSec Authentication trailer (for message integrity and authentication), and finally an IP header. Figure 7.26 illustrates this design. The IP header includes the source and destination addresses of the client and server.

Figure 7.26: L2TP/IPSec encapsulation and encryption.

As you can see, the entire message, exclusive of the IPSec header and trailer and the final IP header, is encrypted. DES or 3DES is the encryption algorithm used.
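The layering described above, as an added Python example that is not from the book: it builds the nested headers in the stated order, reports each layer's byte offset, and then parses what a monitor can read without the IPSec keys. It assumes ESP in transport mode with an 8-byte IV and a 12-byte authentication trailer, performs no encryption (the UDP, L2TP and PPP bytes that IPSec would encrypt stay in the clear so the layout can be inspected), and uses constructed addresses, tunnel/session IDs and SPI.

```python
import socket
import struct

BLOCK = 8     # DES/3DES block size in bytes
ICV_LEN = 12  # assumption: 96-bit truncated HMAC as the authentication trailer

def build(src, dst, ppp_payload, tunnel_id=1, session_id=1, spi=0x1000, seq=1):
    """Return (packet, layout); layout is a list of (layer, offset, length)."""
    ppp = struct.pack("!H", 0x0021) + ppp_payload              # PPP protocol: IPv4
    l2tp = struct.pack("!HHH", 0x0002, tunnel_id, session_id)  # L2TPv2 data header
    udp = struct.pack("!HHHH", 1701, 1701, 8 + len(l2tp) + len(ppp), 0)
    inner = udp + l2tp + ppp            # the part IPSec would encrypt
    # ESP trailer: pad so payload + pad length + next header fill whole blocks
    pad_len = -(len(inner) + 2) % BLOCK
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, 17])  # 17 = UDP
    esp_hdr = struct.pack("!II", spi, seq)
    iv = bytes(BLOCK)      # constructed all-zero IV
    icv = bytes(ICV_LEN)   # constructed placeholder, no HMAC is computed
    body = esp_hdr + iv + inner + trailer + icv
    # Outer IP header, protocol 50 (ESP); checksum left at 0 in this sketch
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 128, 50, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    parts = [("IP header", ip), ("ESP header", esp_hdr), ("IV", iv),
             ("UDP header", udp), ("L2TP header", l2tp), ("PPP frame", ppp),
             ("ESP trailer", trailer), ("ESP auth trailer", icv)]
    layout, off = [], 0
    for name, data in parts:
        layout.append((name, off, len(data)))
        off += len(data)
    return ip + body, layout

def wire_view(packet):
    """Fields readable on the wire without the IPSec keys."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 50:
        raise ValueError("not an ESP packet")
    spi, seq = struct.unpack("!II", packet[ihl:ihl + 8])
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "ip_proto": packet[9], "spi": spi, "seq": seq}

if __name__ == "__main__":
    # Constructed sample: documentation addresses and a 20-byte dummy payload
    pkt, layout = build("192.0.2.10", "198.51.100.1", bytes(20))
    for name, off, length in layout:
        print(f"{off:3d} +{length:2d}  {name}")
    print(wire_view(pkt))
```

On a real L2TP/IPSec link the UDP port 1701 header sits inside the encrypted region, so a filter or sensor on the path sees only the outer addresses, IP protocol 50, the SPI and the sequence number.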
