An engineer is trying to decide between using L2TP or GRE over IPsec for their site-to-site VPN implementation. What must be understood before choosing a solution?
A. L2TP is an IP packet encapsulation protocol, and GRE over IPsec is a tunneling protocol
B. GRE over IPsec cannot be used as a standalone protocol, and L2TP can
C. L2TP uses TCP port 47 and GRE over IPsec uses UDP port 1701
D. GRE over IPsec adds its own header, and L2TP does not
I think answer D is correct. L2TP and GRE both encapsulate a packet with its original header into another protocol. L2TP is an open standard and is used on dial-up links to establish a point-to-point tunnel, but it does not encrypt traffic, so IPSec is used to do it. However, GRE encapsulates the packet in IP and adds a new IP header. GRE is the carrier protocol and IP is used for transport. GRE over IP is plain-text tunnelling, with IPSec providing encryption.
UDP 1701 is used by the L2TP server, and L2TP adds its own header, so we can exclude C and D. As I understand, it uses UDP for encapsulation, so A is not a good answer either. B) it can be used as a standalone. B is a strange answer, because it is strongly recommended to use L2TP combined with IPsec. Still, I am going with B, because all the other answers seem to be incorrect.
Would have to vote B for this one as well...
A is incorrect - L2TP IS a TUNNELING protocol.
C is also incorrect - L2TP uses UDP and NOT TCP.
D is also incorrect - L2TP includes an additional set of IP, UDP, and L2TP headers.
Cisco definition: "Unlike encapsulation, tunneling allows a lower-layer protocol and a same-layer protocol to be carried through the tunnel."
Like stalkr3 said before: L2TP carries a lower layer protocol (L2, like PPP). It is a tunneling protocol (hence the name) and not an encapsulation.
https://www.cisco.com/c/en/us/td/docs/ios/12_4/interface/configuration/guide/inb_tun.html#wp1045601
I think it's D and here is why:
Take a look at the L2TP header IN the IPSec packet in the diagram here: https://www.researchgate.net/figure/L2TP-over-IPsec-Encapsulation_fig10_330313436
It's not adding an additional header that GRE does as depicted in the diagram here in fig 14.1:
https://www.ciscopress.com/articles/article.asp?p=773666&seqNum=2
GRE adds its own required header to the IPSec packet and L2TP does not. Its header is encapsulated within the IPSec packet.
https://www.ibm.com/docs/en/i/7.4?topic=concepts-layer-2-tunnel-protocol
L2TP is actually a variation of an IP encapsulation protocol. The L2TP tunnel is created by encapsulating an L2TP frame inside a User Datagram Protocol (UDP) packet, which in turn is encapsulated inside an IP packet.
https://learningnetwork.cisco.com/s/question/0D53i00000KstmKCAR/difference-between-gre-and-ipsec
https://www.cloudflare.com/learning/network-layer/what-is-gre-tunneling/
GRE is a tunneling protocol
A: is not correct, since L2TP is frame encapsulation and GRE over IPsec is not a single protocol.
C: wrong
D: L2TP also adds its own header
So only B remains. It's not clear to me, but the other three answers seem wrong to me.
I think B is right, because GRE over IPsec is a combination of two protocols and cannot be used as a standalone protocol, and L2TP can be used without security and encryption; we can also use IPsec to make it secure.
A is wrong. Per Cisco site: "Unlike encapsulation, tunneling allows a lower-layer protocol and a same-layer protocol to be carried through the tunnel." L2TP carries a lower layer protocol (L2, like PPP). It is a tunneling protocol (hence the name) and not an encapsulation.
Yes, B. C is obviously wrong. A is also wrong, as L2TP is a tunnel protocol and what it encapsulates is the entire Ethernet frame, not just an IP packet; in addition, "GRE over IPsec" is not a protocol, it is using 2 protocols together. D is wrong too, as L2TP does add its own header; just google for "L2TP header" and you will find the answer. The image search results are useful too.
I believe A is correct.
L2TP is actually a variation of an IP encapsulation protocol.
GRE is a tunneling protocol which is used to transport multicast, broadcast and non-IP packets like IPX etc. IPSec is an encryption protocol.
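The header stacks this thread argues about can be read directly off the wire. The following is an added example, not part of any comment above: a small parser that walks a raw IPv4 packet and lists the headers in front of the payload, using the registered numbers (GRE is IP protocol 47, ESP is IP protocol 50, L2TP listens on UDP port 1701). The sample packets, addresses, tunnel/session IDs and SPI are constructed for illustration, and only the basic 4-byte GRE header and the fixed L2TPv2 flag word are decoded.

```python
import struct

GRE, ESP, UDP, L2TP_PORT = 47, 50, 17, 1701  # IP protocol numbers; UDP port

def ipv4(proto, payload, src="192.0.2.1", dst="198.51.100.1"):
    """Constructed 20-byte IPv4 header (checksum left at 0) plus payload."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, addr(src), addr(dst)) + payload

def layers(pkt):
    """Return the header stack of an IPv4 packet, outermost first."""
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    body = pkt[ihl:]
    if proto == GRE:
        # Basic GRE header: 16 bits flags/version, 16 bits protocol type.
        flags, ptype = struct.unpack("!HH", body[:4])
        inner = layers(body[4:]) if flags == 0 and ptype == 0x0800 else ["payload"]
        return ["IPv4", f"GRE(ptype=0x{ptype:04x})"] + inner
    if proto == UDP:
        sport, dport = struct.unpack("!HH", body[:4])
        if L2TP_PORT in (sport, dport):
            # L2TP header starts after the 8-byte UDP header; T bit = control.
            (flags,) = struct.unpack("!H", body[8:10])
            kind = "control" if flags & 0x8000 else "data"
            carried = "AVPs" if kind == "control" else "PPP"
            return ["IPv4", f"UDP({dport})", f"L2TPv{flags & 0xF}({kind})", carried]
        return ["IPv4", f"UDP({dport})"]
    if proto == ESP:
        # Everything after SPI and sequence number is ciphertext.
        spi, _seq = struct.unpack("!II", body[:8])
        return ["IPv4", f"ESP(spi=0x{spi:08x})", "encrypted"]
    return ["IPv4", f"proto {proto}"]

# Constructed samples: cleartext GRE, cleartext L2TP, and an ESP-protected packet.
inner_pkt = ipv4(1, b"\x08\x00" + b"\x00" * 6)            # inner ICMP echo
gre_pkt = ipv4(GRE, struct.pack("!HH", 0, 0x0800) + inner_pkt)
l2tp_hdr = struct.pack("!HHH", 0x0002, 7, 1)              # data msg, tunnel 7, session 1
udp_hdr = struct.pack("!HHHH", 1701, 1701, 8 + len(l2tp_hdr) + 4, 0)
l2tp_pkt = ipv4(UDP, udp_hdr + l2tp_hdr + b"\xff\x03\x00\x21")  # PPP carrying IPv4
esp_pkt = ipv4(ESP, struct.pack("!II", 0x1000, 1) + b"\x00" * 32)

if __name__ == "__main__":
    for name, pkt in [("GRE", gre_pkt), ("L2TP", l2tp_pkt), ("ESP", esp_pkt)]:
        print(f"{name:5s}", " | ".join(layers(pkt)))
```

Once either tunnel is protected by IPsec, a capture on the path shows only the ESP case; the GRE or L2TP headers are visible only before encryption or after decryption.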