We are having standard Cisco three layer network design consisting of access layer routers , distribution layer and core layer routers. We plan to form VPN/ IPSEC tunnel from access layer router to Core layer that is one end is access layer router and second end is Core router which is dedicated as a head end tunnel router. Second way is configuring two tunnels first from access layer router to corresponding distribution layer router and second tunnel from distribution router to core router. This method will add load on distribution routers as it will have to decrypt the first tunnel and again encrypt the same data and send it to core router. ( and also the reverse way when packets are moving from core to access layer routers ). This will definitely impact distribution layer memory and cpu. What is recomemded if there is going to be heavy traffic all the time.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...