Tip

VPN acronym roundup

Tom Lancaster

With so many VPN technologies and acronyms floating about, keeping up with which protocol does what can be quite a chore. This tip rounds up the acronyms, briefly explains how they relate to each other, and gives some clues to help you figure out which technology is right for you.

L2F
Layer 2 Forwarding was created by Cisco and submitted to the IETF in '96 (practically pre-historic in Internet-time). Its purpose was to help service providers create Virtual Private Dialup Networks (VPDN).

 

L2TP
The result of a joint effort by Cisco and Microsoft, Layer 2 Tunneling Protocol is responsible for creating and managing tunnels. For encryption, it relies on IPSec. L2TP tunnels can operate in voluntary or compulsory mode, but voluntary tunnels are much more common. IPSec over L2TP is generally considered more secure than PPTP because of the architecture and strength of keys. This protocol will eventually replace Cisco's L2F and Microsoft's PPTP.

 

PPTP
A Microsoft standard, the Point-to-Point Tunneling Protocol eventually was defined in an informational RFC. Although generally not well regarded, PPTP does have some strengths. Unlike IPSec, it can encrypt and transport non-IP protocols and it is compatible with Network Address Translation. It is also much more widespread because it's included for free in most Windows operating systems. For better or worse, it can integrate authentication with the Windows NT/2000 domains and unlike L2TP, most PPTP tunnels are compulsory. PPTP is frequently used for both remote-access and for connecting remote offices in an intranet.

 

PPPoE
Point to Point Protocol over Ethernet is a standard that allows the encapsulation and authentication properties of PPP to be used over other layer 2 technologies such as Ethernet. This technology is used almost exclusively by the xDSL providers.

 

IPSec
Unlike all the previous examples, IPSec operates at layer 3 instead of layer 2. It is primarily used to encrypt and authenticate traffic using the Encapsulating Security Payload (ESP), but it can be used for authentication only with the Authentication Header (AH) protocol. Although very secure, it has some drawbacks: it is incompatible with NAT, and it doesn't allow other layer 3 protocols, such as AppleTalk or IPX, to be encapsulated (thus the name, IP Sec). A significant advantage of IPSec is strong authentication using smart cards or digital certificates.

 

GRE
Generic Routing Encapsulation is another layer 3 protocol that is used primarily to encrypt traffic, but it also has the advantage of supporting non-IP protocols.

Thomas Alexander Lancaster IV is a consultant and author with over ten years' experience in the networking industry, focused on Internet infrastructure.


This was first published in October 2001
