Layer 2 Tunneling Protocol (L2TP) encapsulates data link layer traffic in UDP payloads, allowing various layer two protocols to be routed over IP networks. L2TP does not provide confidentiality or integrity services on its own, but used in conjunction with IPSec, L2TP can be used to provision a VPN.
L2TP was developed as an adaptation of both Point-to-Point Tunneling Protocol (PPTP) and Cisco's earlier Layer 2 Forwarding Protocol (L2FP). L2TP improves over PTPP in offering stronger options for both authentication and encryption. In addition to PAP and CHAP, L2TP also supports authentication through EAP. With respect encryption, L2TP can support Microsoft's legacy Microsoft Point-to-Point Encryption (MPPE) as well as more robust IPSec and PPP Encryption Control Protocol (ECP) options.
L2TP encapsulates PPP packets with UDP and then sends this down the TCP/IP stack for further processing. If confidentiality is required, IPSec Encapsulating Security Payload (ESP) can be used. A full set of L2TP encapsulations for a confidential payload would include:
See: RFC 2661.
References:
http://www.cisco.com/warp/public/cc/pd/iosw/tech/l2pro_tc.htm
http://www.ivpn.net/knowledgebase/62/PPTP-vs-L2TP-vs-OpenVPN.html