If I am understanding your post correctly, you have configured the routers to do forwarding at layer 2 between Ethernet and Serial interfaces on each router and layer 2 forwarding between serial interfaces between routers. This means that you have disabled layer 3 processing of IP on those interfaces. But IPSec is an IP process (running at layer 3). I do not see how you can implement layer 3 IPSec on interfaces forwarding at layer 2.
Perhaps it might be possible to maintain the router config and to implement some external encryptor connecting at the serial interface and have it perform encryption.
Yes, the IPSec with GRE wants to encrypt IP (layer 3) packets, but you are bridging layer 2 Ethernet frames. So IPSec/GRE will not work. I do not have experience with it, but from what I have read I believe that L2TP may be your best chance at getting this to work - and I know that your original post says that you cannot use L2TP. Other than the external encryptors, I am not sure what could get this to work.