Can this be done? I wasn't sure if its possible to encrypt on a sub interface that then adds a dot1Q header. We are running vrf lite on our CE's connected to an MPLS core. Only one vrf on the trunk needs encryption. Many Thanks
I have this problem too.