I need to link two sites together using 2811 routers. I have a layer 2 link (effectively Ethernet) between two 2811 routers (using the Fa0/0 interfaces).
The wireless link is not encrypted, so I would like to use the 2811 routers to encrypt the traffic. The problem is the link must still appear as layer 2 (i.e. same VLAN(s) both sides).
Is this possible?
This is possible, although you should be aware of possible performance problems.
The L2 point-to-point transport service can be implemented with L2TPv3.
It can be defined on a per-VLAN subinterface basis.
L2TPv3 packets between the two routers then need to be encrypted, using IPSec for example.
You can define with an extended ACL what traffic has to be encrypted, in your case the L2TPv3 flow.
Another possible solution uses NAT and IPSec.
You can use this as a reference for the IPSec; the L2TPv3 really joins the two broadcast domains and should be what you are looking for.
Hope to help
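
The approach described in the answer above, sketched as an added IOS configuration for one of the two routers (it is not part of the original post). Assumptions: Fa0/0 faces the wireless link, Fa0/1 is the site LAN trunk, VLAN 10 is the VLAN being extended, the 192.0.2.0/30 addresses and all object names are constructed, and the pre-shared key is a placeholder.

```cisco
! Router A. The peer router mirrors this with the two addresses swapped.
!
! L2TPv3 pseudowire sourced from the wireless-facing interface, so the
! tunnel endpoints are the same addresses as the IPSec peers.
pseudowire-class PW-L2TPV3
 encapsulation l2tpv3
 ip local interface FastEthernet0/0
!
interface FastEthernet0/1
 no ip address
!
! Per-VLAN subinterface: VLAN 10 frames are bridged to the peer, not routed.
! The VC ID (10 here) must match on both routers.
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 xconnect 192.0.2.2 10 pw-class PW-L2TPV3
!
! Extended ACL selecting only the L2TPv3 flow (IP protocol 115) for encryption.
ip access-list extended ACL-L2TPV3
 permit 115 host 192.0.2.1 host 192.0.2.2
!
! IKE phase 1. Assumption: the IOS image supports AES-256 and DH group 14;
! use the strongest options the installed image offers.
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.2
!
! Transport mode is sufficient: L2TPv3 already runs router to router.
crypto ipsec transform-set TS-L2TPV3 esp-aes 256 esp-sha-hmac
 mode transport
!
crypto map CM-WIRELESS 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS-L2TPV3
 match address ACL-L2TPV3
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.252
 crypto map CM-WIRELESS
```

Once both sides are up, `show xconnect all` should list the pseudowire as up and the encaps/decaps counters in `show crypto ipsec sa` should rise with VLAN 10 traffic; counters that stay at zero mean the frames are crossing the wireless link unencrypted. The L2TPv3 and ESP headers reduce the usable payload size on the link, which is one source of the performance problems mentioned in the answer.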