Lukasz,

With L2TP, you are creating a point-to-point link. You will be configuring the pseudowire on the virtual-ppp interface that would get an IP address assigned via a pool on the LNS or using RADIUS (framed-ip-address). The default route on your router on the left hand side would point to the virtual-ppp interface.

Gaurav

On Thu, Mar 22, 2012 at 5:03 PM, Lukasz wrote:
> Thanks Gaurav,
>
> This is very good :)...last question: if you add a LAN to the router on the
> left and a LAN behind the L2TP server and you want to transmit the TCP traffic
> from a PC on the router LAN into the L2TP server LAN.
> I guess you need to change the pseudowire source to be the LAN interface
> (instead of loopback) but how will routing work?
>
> Lukasz
>
> On 2012-03-22 17:57, Gaurav Sabharwal wrote:
>>
>> Yes. You will need to use IPsec tunnel mode. Commonly seen
>> configuration calls for a loopback interface to be the source of all
>> the interesting traffic and the pseudowire-class would use the
>> loopback interface as the source. The IPsec ACL will be source as
>> loopback and destination as your LNS.
>>
>> On Thu, Mar 22, 2012 at 1:43 PM, Lukasz wrote:
>>>
>>> Thanks Gaurav,
>>>
>>> That makes sense, but I guess in that situation at first the router on the
>>> left should not be able to reach the L2TP server till it establishes an IPsec
>>> connection to the firewall? If that is the case then I need IPsec tunnel
>>> mode? If I put transport mode I probably need some static route on the
>>> router or a routing protocol which would point to the L2TP server?
>>>
>>> Lukasz
>>>
>>> On 2012-03-22 16:36, Gaurav Sabharwal wrote:
>>>>
>>>> Lukasz,
>>>>
>>>> Yes. You can have IPsec terminating on a firewall and L2TP terminating
>>>> on a router. The major advantage that you would get is offloading the
>>>> crypto to a dedicated firewall. Until and unless you use routers such
>>>> as 7200 with VAM2+ type encryption engine, it might be best to offload
>>>> the crypto to another device. Another reason for using a firewall
>>>> to terminate IPsec would be the security that it provides (think
>>>> IDS/IPS, etc.).
>>>>
>>>> Thanks,
>>>> Gaurav
>>>>
>>>> On Thu, Mar 22, 2012 at 11:57 AM, Lukasz wrote:
>>>>>
>>>>> Hi All,
>>>>>
>>>>> I have a feasibility question regarding L2TP and IPsec. I know you need to
>>>>> run L2TP over IPsec but...can you terminate the IPsec on the IPsec head end
>>>>> and L2TP on the other device? If this is possible what is the advantage of
>>>>> that scenario? I believe the IPsec needs to be in transport mode in order
>>>>> for this to work.
>>>>>
>>>>> I only found information on the Cisco website about L2TP over IPsec
>>>>> terminated on the same head end.
>>>>>
>>>>> scenario
>>>>>
>>>>> |router| ------- |IPsec Head end| ----- |L2TP head end|
>>>>>
>>>>>     -----ipsec-------
>>>>> LAC -------------------- L2TP --------------LNS
>>>>>
>>>>> Thanks in advance
>>>>>
>>>>> Lukasz
>>>>> _______________________________________________
>>>>> For more information regarding industry leading CCIE Lab training,
>>>>> please visit www.ipexpert.com
>>>>>
>>>>> Are you a CCNP or CCIE and looking for a job? Check out
>>>>> www.PlatinumPlacement.com
>>>>>
>>>>> http://onlinestudylist.com/mailman/listinfo/ccie_rs
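
The LAC-side setup discussed in this thread (loopback-sourced pseudowire, IPsec tunnel mode toward a separate head end, default route via the virtual-ppp interface), as an added Cisco IOS configuration example that is not part of the original posts. All addresses, object names, the pre-shared key and the PPP credentials are constructed placeholders, and the two host routes are an assumption added so the tunnel endpoints stay reachable outside the default route.

```cisco
! Constructed addresses: Loopback0 198.51.100.1, WAN next hop 192.0.2.1,
! IPsec head end (firewall) 203.0.113.1, LNS behind it 203.0.113.10.
interface Loopback0
 ip address 198.51.100.1 255.255.255.255
!
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key REPLACE_WITH_PSK address 203.0.113.1
!
crypto ipsec transform-set L2TP-TS esp-aes 256 esp-sha-hmac
 mode tunnel
!
! Interesting traffic: loopback (pseudowire source) to the LNS only.
access-list 101 permit ip host 198.51.100.1 host 203.0.113.10
!
crypto map TO-FW 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set L2TP-TS
 match address 101
!
interface GigabitEthernet0/0
 ip address 192.0.2.2 255.255.255.252
 crypto map TO-FW
!
pseudowire-class PW-L2TP
 encapsulation l2tpv2
 ip local interface Loopback0
!
interface Virtual-PPP1
 ip address negotiated
 ppp chap hostname REPLACE_WITH_USER
 ppp chap password REPLACE_WITH_PASSWORD
 pseudowire 203.0.113.10 1 pw-class PW-L2TP
!
! Assumption: pin the tunnel endpoints to the physical path first, otherwise
! the default route below would send the L2TP/IPsec packets into Virtual-PPP1.
ip route 203.0.113.1 255.255.255.255 192.0.2.1
ip route 203.0.113.10 255.255.255.255 192.0.2.1
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
```

With this layout the pseudowire source stays on the loopback; hosts on a LAN behind the router simply follow the default route across the PPP link, and the LNS needs a return route for that LAN.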
