Internet Protocol Security Protocol (IPSec) provides enhanced security features such as
stronger encryption algorithms and more comprehensive authentication. IPSec has two
encryption modes: tunnel and transport. Tunnel mode encrypts the header and the payload of
each packet while transport mode only encrypts the payload. Only systems that are IPSec-
compliant can take advantage of this protocol. Also, all devices must use a common key or
certificate and must have very similar security policies set up. For remote-access VPN
users, some form of third-party software package provides the connection and encryption on
the user's PC. IPSec supports either 56-bit (single DES) or 168-bit (triple-DES) encryption.

PPTP was created by the PPTP Forum, a consortium which includes US Robotics, Microsoft,
3COM, Ascend, and ECI Telematics. PPTP supports multi-protocol VPNs, with 40-bit and 128-
bit encryption using a protocol called Microsoft Point-to-Point Encryption (MPPE). It is
important to note that PPTP by itself does not provide data encryption.

L2TP over IPSec, as it is commonly called, provides the security of the IPSec protocol over the
tunneling of Layer 2 Tunneling Protocol (L2TP). L2TP is the product of a partnership
between the members of the PPTP forum, Cisco, and the Internet Engineering Task Force
(IETF). It is primarily used for remote-access VPNs with Windows 2000 operating systems, since
Windows 2000 provides a native IPSec and L2TP client. Internet Service Providers can also
provide L2TP connections for dial-in users, and then encrypt that traffic with IPSec
between their access-point and the remote office network server.
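
The difference between the IPSec tunnel and transport modes described above, shown as a packet layout. This is an added example, not part of the original text: it builds the ESP framing for both modes and reports which bytes stay readable on the wire and which are handed to the cipher. The function names, addresses, SPI value and sample payload are constructed for illustration; no encryption is performed, and the cipher IV and integrity check value are left out.

```python
import struct

ESP, IPIP = 50, 4  # IANA protocol numbers: ESP and IPv4-in-IPv4

def checksum(hdr: bytes) -> int:
    """IPv4 header checksum: one's-complement sum of the 16-bit words."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src: bytes, dst: bytes, proto: int, body_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options, TTL 64)."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0, 64, proto, 0, src, dst)
    return h[:10] + struct.pack("!H", checksum(h)) + h[12:]

def esp_layout(packet: bytes, mode: str, gw_src=None, gw_dst=None, spi=0x1000, seq=1):
    """Split an ESP-protected packet into (cleartext_prefix, to_encrypt).
    Nothing is encrypted here; the cipher IV and the integrity check value are omitted."""
    hdr, payload = packet[:20], packet[20:]
    if mode == "tunnel":        # whole original packet is protected, gateways are the endpoints
        inner, next_hdr, src, dst = packet, IPIP, gw_src, gw_dst
    elif mode == "transport":   # original header stays readable, only its payload is protected
        inner, next_hdr, src, dst = payload, hdr[9], hdr[12:16], hdr[16:20]
    else:
        raise ValueError("mode must be 'tunnel' or 'transport'")
    pad_len = -(len(inner) + 2) % 8        # 8-byte block size of DES and triple-DES
    pad = bytes(range(1, pad_len + 1))     # default ESP padding: 1, 2, 3, ...
    to_encrypt = inner + pad + bytes([pad_len, next_hdr])
    esp_hdr = struct.pack("!II", spi, seq)  # SPI and sequence number travel in the clear
    outer = ipv4(src, dst, ESP, len(esp_hdr) + len(to_encrypt))
    return outer + esp_hdr, to_encrypt

# Constructed sample: host A sends upper-layer bytes to host B through gateways GW1 and GW2
A, B = bytes([10, 0, 1, 5]), bytes([10, 0, 2, 9])
GW1, GW2 = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])
SEG = b"GET /payroll HTTP/1.0\r\n\r\n"    # stands in for a TCP segment (protocol 6)
PKT = ipv4(A, B, 6, len(SEG)) + SEG

if __name__ == "__main__":
    for mode in ("transport", "tunnel"):
        clear, enc = esp_layout(PKT, mode, GW1, GW2)
        print(mode, "visible src/dst:", list(clear[12:16]), list(clear[16:20]),
              "| protected bytes:", len(enc), "| next header:", enc[-1])
```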