VPNs: Virtually Anything?

A Core Competence Industry Report



VPN Protocol Comparison

| | L2TP | IPsec with IKE | SSL/TLS |
|---|---|---|---|
| System-Level Authentication | Control Session Challenge/Rsp | Mutual Endpoint Auth: Preshared Secret, Raw Public Keys, Digital Certificates | Server Auth: Digital Certificates |
| User-Level Authentication | PPP Auth: PAP/CHAP/EAP | Vendor Extensions: XAUTH, Hybrid, CRACK, etc. | Client Sub-Auth: Optional |
| Message Integrity | None (use with IPsec) | IP Header & Payload: IPsec AH or ESP; Keyed Hash: HMAC-MD5 or SHA-1 | App Payload: Keyed Hash: MD5, SHA-1 |
| Tunnel Policy Granularity | Network Adapter: Tunnels all packets in PPP session, bi-directional | Security Associations: Uni-directional policies defined by IP address, port, user id, system name, data sensitivity, protocol | Application Specific |
| Data Confidentiality | None (use with IPsec) | IP Header & Payload: IPsec ESP; DES-CBC, 3DES, other symmetric ciphers | Application Stream: RC4, RC2, DES, 3DES, Fortezza |
| Compression | IPPCP | IPPCP | LZS |