Once the discrepency start to pop up, they just can't seem to stop Sad Here is another one:

ISMH says IPSec and PPTP works at layer 4 and 3, AIO says IPSec and PPTP works at layer 3 and 2?

If you look at them from the mechanical aspect of how the OSI model works, it would be easier to understand.

Whenever you are dealing with something that requires the IP address to work, in this case, IPsec, that will almost certainly make it a Layer 3 protocol. When considering layer 4, you will then think in terms of sockets, that is the combination of IP address, protocol, and port number. IPsec is a layer 3 protocol because its main mission is providing end-to-end routing with AH or ESP via either tunneling mode or transport mode, it provides a "vehicle" for the layer 4 protocols to ride on. It does not concern itself with ports or transmissions as the layer 4 protocols do.

In PPTP, this is then a layer 2 protocol, well, the easy way to look at it is that whenever you are dealing with something that is called "point-to-point," you can pretty much put all your eggs in the basket called "layer 2." The implication is that IP address does not need to be involved here, it only concerns the hardware address. In Ethernet, that is the MAC address, and Token Ring, ATM, Frame Relay would use something else.

Another hint from the implication of point-to-point protocol is that you can only establish 1 connection, point-to-point, that is, one-to-one. IPsec does not pose such limitations.

The following is a quick cheat sheet of keywords for the 2,3,4 layer,

Layer 4: transmission, ports, sockets, error recovery, TCP, UDP
Layer 3: routing, IP,
Layer 2: hardware address, Mac, point-to-point,