IPSec
-----
Internet Protocol Security Protocol (IPSec) provides enhanced security features such as
stronger encryption algorithms and more comprehensive authentication. IPSec has two
encryption modes: tunnel and transport. Tunnel mode encrypts the header and the payload of
each packet while transport mode only encrypts the payload. Only systems that are IPSec-
compliant can take advantage of this protocol. Also, all devices must use a common key or
certificate and must have very similar security policies set up. For remote-access VPN
users, some form of third-party software package provides the connection and encryption on
the user's PC. IPSec supports either 56-bit (single DES) or 168-bit (triple-DES) encryption.
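The difference between tunnel and transport mode, as seen by someone watching the wire, is sketched in the following added example (not from the original page). It assumes ESP as the IPSec encapsulation, uses constructed addresses, key and payload, omits the integrity check value, and substitutes an insecure XOR keystream for the real DES/3DES cipher.

```python
import hashlib, socket, struct

ESP = 50  # IP protocol number of ESP, the IPSec encapsulation assumed here

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def toy_cipher(key, data):
    """Stand-in for DES/3DES: XOR with a SHA-256 keystream. Not secure."""
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(key, spi, seq, inner, next_header):
    """SPI and sequence number in clear, then encrypted inner data + trailer."""
    pad = -(len(inner) + 2) % 4                      # align trailer to 4 bytes
    trailer = bytes(range(1, pad + 1)) + bytes([pad, next_header])
    return struct.pack("!II", spi, seq) + toy_cipher(key, inner + trailer)

def transport_mode(pkt, key, spi=0x1000, seq=1):
    """Original IP header stays in clear; only its payload is encrypted."""
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return ipv4(src, dst, ESP, esp(key, spi, seq, pkt[20:], pkt[9]))

def tunnel_mode(pkt, key, gw_src, gw_dst, spi=0x1000, seq=1):
    """Whole original packet is encrypted behind a new gateway header."""
    return ipv4(gw_src, gw_dst, ESP, esp(key, spi, seq, pkt, 4))  # 4 = IPv4-in-IP

def observer_view(wire, marker):
    """Fields an on-path observer can read without the key."""
    return {"src": socket.inet_ntoa(wire[12:16]),
            "dst": socket.inet_ntoa(wire[16:20]),
            "proto": wire[9], "payload_readable": marker in wire}

# Constructed sample: host-to-host packet carrying protocol 6 (TCP) data.
PAYLOAD = b"constructed application data"
ORIGINAL = ipv4("10.1.1.5", "10.2.2.9", 6, PAYLOAD)
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    print("original :", observer_view(ORIGINAL, PAYLOAD))
    print("transport:", observer_view(transport_mode(ORIGINAL, KEY), PAYLOAD))
    print("tunnel   :", observer_view(
        tunnel_mode(ORIGINAL, KEY, "192.0.2.1", "198.51.100.1"), PAYLOAD))
```

In transport mode the observer still learns which two hosts are talking; in tunnel mode only the gateway addresses are visible.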
PPTP/MPPE
---------
PPTP was created by the PPTP Forum, a consortium which includes US Robotics, Microsoft,
3COM, Ascend, and ECI Telematics. PPTP supports multi-protocol VPNs, with 40-bit and 128-
bit encryption using a protocol called Microsoft Point-to-Point Encryption (MPPE). It is
important to note that PPTP by itself does not provide data encryption.
L2TP/IPSec
----------
Commonly called L2TP over IPSec, this provides the security of the IPSec protocol over the
tunneling of Layer 2 Tunneling Protocol (L2TP). L2TP is the product of a partnership
between the members of the PPTP Forum, Cisco, and the Internet Engineering Task Force
(IETF). It is primarily used for remote-access VPNs with Windows 2000 operating systems,
since Windows 2000 provides a native IPSec and L2TP client. Internet Service Providers can
also provide L2TP connections for dial-in users, and then encrypt that traffic with IPSec
between their access point and the remote office network server.