Thanks Gaurav,
that makes sense, but I guess in that situation at first the router on
the left should not be able to reach the L2TP server until it establishes
an IPsec connection to the firewall? If that is the case then I need IPsec
tunnel mode? If I put transport mode I probably need some static route
on the router or a routing protocol which would point out the L2TP
server?
Lukasz
On 2012-03-22 16:36, Gaurav Sabharwal wrote:
Lukasz,
Yes. You can have IPsec terminating on a firewall and L2TP terminating
on a router. The major advantage that you would get is offloading the
crypto to a dedicated firewall. Until and unless you use routers such
as 7200 with VAM2+ type encryption engine, it might be best to offload
the crypto to another device. Another reason for using a firewall
to terminate IPsec would be the security that it provides (think
IDS/IPS, etc.).
Thanks,
Gaurav
On Thu, Mar 22, 2012 at 11:57 AM, Lukasz <[email protected]> wrote:
Hi All,
I have a feasibility question regarding L2TP and IPsec. I know you need to run
L2TP over IPsec but... can you terminate the IPsec on the IPsec head end and
L2TP on the other device? If this is possible, what is the advantage of that
scenario? I believe the IPsec needs to be in transport mode in order for
this to work.
I only found information on the Cisco website about L2TPoverIPsec terminated on
the same head end.
scenario
|router| ------- |IPsec Head end| ----- |L2TP head end|
-----ipsec-------
LAC -------------------- L2TP --------------LNS
Thanks in advance
Lukasz
_______________________________________________
For more information regarding industry leading CCIE Lab training,
please
visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
http://onlinestudylist.com/mailman/listinfo/ccie_rs