Lukasz,

Yes. You can have IPsec terminating on a firewall and L2TP terminating on a router. The major advantage that you would get is offloading the crypto to a dedicated firewall. Until and unless you use routers such as 7200 with VAM2+ type encryption engine, it might be best to offload the crypto to another device. Another reason for using a firewall to terminate IPsec would be the security that it provides (think IDS/IPS, etc.).
Thanks,
Gaurav

On Thu, Mar 22, 2012 at 11:57 AM, Lukasz <[email protected]> wrote:
> Hi All,
>
> I have a feasibility question regarding l2tp and ipsec. I know you need to run
> l2tp over ipsec but... can you terminate the ipsec on the ipsec head end and
> l2tp on the other device? If this is possible, what is the advantage of that
> scenario? I believe the IPsec needs to be in transport mode in order for
> this to work.
>
> I only found information on the Cisco website about L2TPoverIPsec terminated on
> the same head end.
>
> scenario
>
> |router| ------- |IPsec Head end| ----- |L2TP head end|
>
> -----ipsec-------
> LAC -------------------- L2TP --------------LNS
>
> Thanks in advance
>
> Lukasz
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
>
> http://onlinestudylist.com/mailman/listinfo/ccie_rs
