L2TP: Layer 2 Tunneling Protocol with IPSec

L2TP utilizes PPP for user authentication combined with IPSec for data encryption. This method relies on a PKI infrastructure, as both client and server certificates are required, in addition to username/password credentials. Together L2TP and IPSec (typically referred to as L2TP/IPSec) provide data integrity and authentication on a per-packet basis. Client support is offered natively by Windows XP and 2000. Support for Windows 98, ME, and NT 4.0 Workstation is available via a patch. (http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp)

L2TP works by first establishing an Internet Key Exchange (IKE) negotiation in order to create an IPSec security association (SA). During IKE negotiation, the client and server exchange certificates and establish security parameters, including the authentication method and the keys to be used during the session. Data encryption is provided by a DES (or 3DES) block cipher with 56-bit keys (or 168-bit keys for 3DES).