l2tpv3 pass through gre/ipsec

hany_ibrahim · ‎08-13-2009

i have already l2tpv3 tunnel between 2 routers :

l2tp-class l2tpv3.class

authentication

digest secret 7 0701234D4A2A363732010E0F162F3F hash SHA1

password 7 082F4E4F0D3A2A25370A1910223B253B20222D0103

receive-window 100

retransmit retries 10

pseudowire-class cisco-class

encapsulation l2tpv3

interworking ip

protocol l2tpv3 l2tpv3.class

ip local interface Loopback0

ip pmtu

interface Loopback0

ip address 192.168.254.252 255.255.255.255

interface FastEthernet0/2.70

encapsulation dot1Q 70

xconnect 192.168.254.244 1020 pw-class cisco-class

my question is that i am going to setup GRE/IPSEC between the 2 routers , but the 2 loopback interfaces of the lt2pv3 tunnel will be routable through the GRE/IPsec tunnel , is this optimum solution & will it work , or there is a nother solution to secure the l2tp " l2tp/ipsec)

bwilmoth · ‎08-19-2009

There will not be any issue in configuring the loopback interfaces with GRE/IPSEC configuration. You can use the physical interface (or the loopback interface) IP addresses to identify Internet Key Exchange (IKE) peers.

The below URL illustrates an IP Security (IPSec) configuration using a generic routing encapsulation (GRE) tunnel between two routers. IPSec can be used to encrypt GRE tunnels to provide network layer security for non-IP traffic, such as Novell Internetwork Packet Exchange (IPX), AppleTalk, and so forth. The GRE tunnel in this example is purely used for transporting non-IP traffic. Hence, the tunnel does not have any IP address configured. Here are some configuration considerations:

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a0080093f70.shtml