Thanks again Gaurav for explanation :)
Cheers,
Lukasz
On 2012-03-23 00:03, Gaurav Sabharwal wrote:
Lukasz,
With L2TP, you are creating a point to point link. You will be
configuring the pseudowire on the virtual-ppp interface that would get
an IP address assigned via a pool on the LNS or using RADIUS
(framed-ip-address). The default route on your router on the left hand
side would point to the virtual-ppp interface.
Gaurav
On Thu, Mar 22, 2012 at 5:03 PM, Lukasz <[email protected]> wrote:
Thanks Gaurav,
This is very good :)... Last question: if you add a LAN to the router on
the left and a LAN behind the L2TP server, and you want to transmit the TCP
traffic from a PC on the router LAN into the L2TP server LAN.
I guess you need to change the pseudowire source to be the LAN interface
(instead of loopback), but how will routing work?
Lukasz
On 2012-03-22 17:57, Gaurav Sabharwal wrote:
Yes. You will need to use IPsec tunnel mode. Commonly seen
configuration calls for a loopback interface to be the source of all
the interesting traffic and the pseudowire-class would use the
loopback interface as the source. The IPsec ACL will be source as
loopback and destination as your LNS.
On Thu, Mar 22, 2012 at 1:43 PM, Lukasz <[email protected]> wrote:
Thanks Gaurav,
That makes sense, but I guess in that situation at first the router on the
left should not be able to reach the L2TP server till it establishes the IPsec
connection to the firewall? If that is the case, then I need IPsec tunnel
mode? If I put transport mode, I probably need some static route on the
router or a routing protocol which would point out the L2TP server?
Lukasz
On 2012-03-22 16:36, Gaurav Sabharwal wrote:
Lukasz,
Yes. You can have IPsec terminating on a firewall and L2TP terminating
on a router. The major advantage that you would get is offloading the
crypto to a dedicated firewall. Until and unless you use routers such
as 7200 with VAM2+ type encryption engine, it might be best to offload
the crypto to another device. Another reason for using a firewall
to terminate IPsec would be the security that it provides (think
IDS/IPS, etc.).
Thanks,
Gaurav
On Thu, Mar 22, 2012 at 11:57 AM, Lukasz <[email protected]> wrote:
Hi All,
I have a feasibility question regarding L2TP and IPsec. I know you need to
run L2TP over IPsec but... can you terminate the IPsec on the IPsec head end
and L2TP on the other device? If this is possible, what is the advantage of
that scenario? I believe the IPsec needs to be in transport mode in order
for this to work.
I only found information on the Cisco website about L2TP over IPsec terminated
on the same head end.
scenario
|router| ------- |IPsec Head end| ----- |L2TP head end|
-----ipsec-------
LAC -------------------- L2TP --------------LNS
Thanks in advance
Lukasz
_______________________________________________
For more information regarding industry leading CCIE Lab training, please
visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
http://onlinestudylist.com/mailman/listinfo/ccie_rs
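
The LAC-side design Gaurav describes in the thread (pseudowire sourced from a loopback, IPsec tunnel mode with a loopback-to-LNS ACL, default route via the virtual-ppp interface), written out as Cisco IOS configuration. This is an added example, not configuration posted by anyone in the thread; all addresses, object names, credentials, IKE parameters and the two host routes are assumptions.

```cisco
! Added example with constructed values (RFC 5737 documentation addresses).
! Assumed: 198.51.100.1 = IPsec head end (firewall), 192.0.2.10 = LNS,
! 203.0.113.1 = next hop on the LAC's outside interface.
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
! L2TPv2 pseudowire sourced from the loopback
pseudowire-class PW-L2TP
 encapsulation l2tpv2
 ip local interface Loopback0
!
! Point-to-point link to the LNS; address comes from the LNS pool or RADIUS
interface Virtual-PPP1
 ip address negotiated
 ppp chap hostname EXAMPLE-USER
 ppp chap password EXAMPLE-PASSWORD
 pseudowire 192.0.2.10 1 pw-class PW-L2TP
!
! IPsec tunnel mode to the firewall; the ACL is loopback -> LNS
! (IKE parameters below are assumed, the thread does not specify them)
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key EXAMPLE-PSK address 198.51.100.1
crypto ipsec transform-set TS-L2TP esp-aes 256 esp-sha-hmac
 mode tunnel
ip access-list extended L2TP-TO-LNS
 permit ip host 10.255.0.1 host 192.0.2.10
crypto map CM-OUTSIDE 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS-L2TP
 match address L2TP-TO-LNS
!
interface GigabitEthernet0/0
 crypto map CM-OUTSIDE
!
! Assumed host routes: keep IPsec and L2TP control traffic on the
! physical path so the default route below does not capture it
ip route 198.51.100.1 255.255.255.255 203.0.113.1
ip route 192.0.2.10 255.255.255.255 203.0.113.1
! Everything else follows the default route over the L2TP session
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
```

After the session comes up, `show crypto ipsec sa` should show encaps/decaps counters rising for the loopback-to-LNS selector, which confirms the L2TP traffic is not leaving in the clear.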