07-28-2008 10:23 PM - edited 02-21-2020 03:51 PM
I have a specialized casino application that requires end-to-end encryption. I am running the Microsoft l2tp IPSec stack between my XP machine and my Windows 2003 server on the LAN. Can I run the same type of Microsoft l2tp IPSec protocol stack between my XP machine and a branch office Windows 2003 server over an ASA to ASA site-to-site VPN tunnel? The ASA site-to-site VPN is an IPSec Preshare key type VPN that tunnels the traffic between our headquarters and a remote branch office.
In other words, will the ASA site-to-site IPSec VPN allow the encrypted Microsoft l2tp IPSec traffic through? My tunnel ACL would allow full IP access between sites. Something like:
name 192.168.100.0 TexasSubnet
name 192.168.200.0 RenoSubnet
access-list nat_zero extended permit ip TexasSubnet 255.255.255.0 RenoSubnet 255.255.255.0
07-30-2008 12:47 AM
Hi,
Yes, it is possible to use the L2TP/IPSEC Microsoft client to connect to the ASA:
Please rate if this helped.
Regards,
Daniel
07-30-2008 07:12 AM
You misread the issue. I am running a tunnel inside a tunnel. Please re-read.
Thank you.
07-31-2008 03:28 AM
Hi,
Yes, the L2TP can be encapsulated in IPSEC like any other traffic.
However, make sure no NAT is performed on either end. L2TP has a header protection that by default will see NAT as packet tampering and will discard it.
Cheers,
Daniel