Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 236

An engineer is trying to decide between using L2TP or GRE over IPsec for their site-to-site VPN implementation. What must be understood before choosing a solution?

Answer options

• A. L2TP is an IP packet encapsulation protocol, and GRE over IPsec is a tunneling protocol
• B. GRE over IPsec cannot be used as a standalone protocol, and L2TP can
• C. L2TP uses TCP port 47 and GRE over IPsec uses UDP port 1701
• D. GRE over IPsec adds its own header, and L2TP does not

Correct answer: B

Explanation

The correct answer is B because GRE over IPsec requires IPsec for encryption and cannot function independently, while L2TP can operate alone. Option A is incorrect as it misdefines the roles of the protocols. Option C is wrong because L2TP actually uses UDP port 1701, not TCP port 47. Option D is also false because both protocols add headers; GRE adds its own header, while L2TP encapsulates data within its own header structure.