07-28-2008 10:23 PM - edited 02-21-2020 03:51 PM
I have a specialized casino application that requires end-to-end encryption. I am running the Microsoft L2TP IPSec stack between my XP machine and my Windows 2003 server on the LAN. Can I run the same type of Microsoft L2TP IPSec protocol stack between my XP machine and a branch office Windows 2003 server over an ASA to ASA site-to-site VPN tunnel? The ASA site-to-site VPN is an IPSec Preshare key type VPN that tunnels the traffic between our headquarters and a remote branch office.
In other words, will the ASA site-to-site IPSec VPN allow the encrypted Microsoft L2TP IPSec traffic through? My tunnel ACL would allow full IP access between sites. Something like:
name 192.168.100.0 TexasSubnet
name 192.168.200.0 RenoSubnet
access-list nat_zero extended permit ip TexasSubnet 255.255.255.0 RenoSubnet 255.255.255.0
07-30-2008 12:47 AM
Hi,
Yes, it is possible to use the L2TP/IPSEC Microsoft client to connect to the ASA:
Please rate if this helped.
Regards,
Daniel
07-30-2008 07:12 AM
You misread the issue. I am running a tunnel inside a tunnel. Please re-read.
Thank you.
07-31-2008 03:28 AM
Hi,
Yes, the L2TP can be encapsulated in IPSEC like any other traffic.
However, make sure no NAT is performed on either end. L2TP has a header protection that by default will see NAT as packet tampering and will discard it.
Cheers,
Daniel
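One way to check the "no NAT on either end" condition from the reply above, as an added example that is not part of the original thread: the script reads both ASA configurations and reports whether each side exempts its direction of the client-to-server flow from NAT. Only the `name` and `access-list nat_zero` lines come from the question; the `nat (inside) ...` lines (pre-8.3 ASA syntax), the Reno-side config and the host addresses are constructed assumptions.

```python
import ipaddress
import re

# Constructed config fragments; only the name/access-list lines of the
# Texas side appear in the thread. NAT lines assume pre-8.3 ASA syntax.
TEXAS_ASA = """\
name 192.168.100.0 TexasSubnet
name 192.168.200.0 RenoSubnet
access-list nat_zero extended permit ip TexasSubnet 255.255.255.0 RenoSubnet 255.255.255.0
nat (inside) 0 access-list nat_zero
nat (inside) 1 0.0.0.0 0.0.0.0
"""
RENO_ASA = """\
name 192.168.100.0 TexasSubnet
name 192.168.200.0 RenoSubnet
access-list nat_zero extended permit ip RenoSubnet 255.255.255.0 TexasSubnet 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
"""  # ACL exists but is never bound with "nat ... 0": Reno still translates

ACE = re.compile(
    r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)", re.M)

def nat_exempt_pairs(config):
    """(src_net, dst_net) pairs covered by a 'nat (if) 0 access-list' rule.

    Handles only 'network mask' ACEs, the form used in the question.
    """
    names = {n: ip for ip, n in re.findall(r"^name (\S+) (\S+)", config, re.M)}
    bound = set(re.findall(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M))
    pairs = set()
    for acl, src, smask, dst, dmask in ACE.findall(config):
        if acl in bound:
            pairs.add((ipaddress.ip_network(f"{names.get(src, src)}/{smask}"),
                       ipaddress.ip_network(f"{names.get(dst, dst)}/{dmask}")))
    return pairs

def is_exempt(config, src_ip, dst_ip):
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(s in a and d in b for a, b in nat_exempt_pairs(config))

def check_path(local_cfg, remote_cfg, client_ip, server_ip):
    """Each ASA must exempt the direction of the flow that it originates."""
    return {"local": is_exempt(local_cfg, client_ip, server_ip),
            "remote": is_exempt(remote_cfg, server_ip, client_ip)}

if __name__ == "__main__":
    print(check_path(TEXAS_ASA, RENO_ASA, "192.168.100.10", "192.168.200.20"))
```
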