I have a specialized casino application that requires end-to-end encryption. I am running the Microsoft L2TP/IPSec stack between my XP machine and my Windows 2003 server on the LAN. Can I run the same type of Microsoft L2TP/IPSec protocol stack between my XP machine and a branch office Windows 2003 server over an ASA-to-ASA site-to-site VPN tunnel? The ASA site-to-site VPN is an IPSec pre-shared-key type VPN that tunnels the traffic between our headquarters and a remote branch office.
In other words, will the ASA site-to-site IPSec VPN allow the encrypted Microsoft L2TP/IPSec traffic through? My tunnel ACL would allow full IP access between sites. Something like:
name 192.168.100.0 TexasSubnet
name 192.168.200.0 RenoSubnet
access-list nat_zero extended permit ip TexasSubnet 255.255.255.0 RenoSubnet 255.255.255.0
Yes, the L2TP can be encapsulated in IPSec like any other traffic.
However, make sure no NAT is performed on either end. L2TP has header protection that, by default, will see NAT as packet tampering and will discard the packet.
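To show what "no NAT on either end" looks like on the headquarters ASA, here is an added configuration example (not the poster's config or the answerer's) using the two subnet names from the question. It assumes pre-8.3 ASA syntax, interfaces named "inside" and "outside", and a placeholder branch peer address of 203.0.113.2; the branch ASA gets the mirror image with the subnets swapped.

```text
! Added example, not from the original thread. ASA 7.x/8.2-style syntax.
! Assumed: inside interface "inside", outside interface "outside",
! branch ASA public address 203.0.113.2 (placeholder).
name 192.168.100.0 TexasSubnet
name 192.168.200.0 RenoSubnet
!
! Crypto ACL (traffic selector): all IP between the two LANs, so the IKE (UDP 500),
! L2TP (UDP 1701) and ESP (IP protocol 50) packets exchanged by the Microsoft
! L2TP/IPsec client and server are all carried inside the site-to-site SA.
access-list outside_cryptomap extended permit ip TexasSubnet 255.255.255.0 RenoSubnet 255.255.255.0
!
! NAT exemption for the same subnet pair. Without this the host-to-host IPsec
! packets are rewritten in transit and the endpoints discard them as tampered.
access-list nat_zero extended permit ip TexasSubnet 255.255.255.0 RenoSubnet 255.255.255.0
nat (inside) 0 access-list nat_zero
!
! Phase 1 and Phase 2 with a pre-shared key, as described in the question.
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp enable outside
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto map outside_map 10 match address outside_cryptomap
crypto map outside_map 10 set peer 203.0.113.2
crypto map outside_map 10 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key <shared-secret-placeholder>
!
! Checks after bringing up an L2TP/IPsec session across the tunnel:
!   show crypto ipsec sa   - encaps/decaps counters for the tunnel should increase
!   show xlate             - no translations should appear for the two subnets
```

If either ASA shows translations for the LAN pair in "show xlate", the exemption ACL is not matching and the inner L2TP/IPsec session will fail exactly as the answer describes.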