tag:blogger.com,1999:blog-385626179821720396.post7452129251328969750..comments2023-10-25T09:07:16.071-07:00Comments on Roggy: L2TPv3 over IPSec with VLANS-How toRoggyhttp://www.blogger.com/profile/01784711598028652715noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-385626179821720396.post-21772879922474074902018-03-24T22:29:27.471-07:002018-03-24T22:29:27.471-07:00Hi Guys,
Did anybody test the configuration of L2...Hi Guys,<br /><br />Did anybody test the configuration of L2TPv3. I tried to use teh same config without IPSEC and it doesnt work. ARP request goes through the tunnel and reaches at the other end but the response is never received.mAlihttps://www.blogger.com/profile/14909948699366916382noreply@blogger.comtag:blogger.com,1999:blog-385626179821720396.post-34465070171851768292016-10-21T11:47:26.945-07:002016-10-21T11:47:26.945-07:00Me ha sido de mucha ayuda este tutorial, pues un c...Me ha sido de mucha ayuda este tutorial, pues un cliente me ha pedido migrar sus enlaces de L3MPLS a L2 MPLS-encriptado, como nuestra infraestructura no soporta L2 MPLS puro, se ha levantado L2tpv3 encriptado, he usado int loop para el pseudo, he hecho un laboratorio, ahora debo implementarlo en el cliente, gracias por estas informacion.<br /><br />Juan CarlosJuanCarloshttps://www.blogger.com/profile/03974613444188267064noreply@blogger.comtag:blogger.com,1999:blog-385626179821720396.post-50188118235108898322012-07-17T14:10:44.884-07:002012-07-17T14:10:44.884-07:00What platform are you running? I cannot execute x...What platform are you running? I cannot execute xconnect commands on a subinterface using a 2811 router. Also, after I have typed the xconnect command on the f0/1 interface, I cannot execute encapsulation dot1q XX commands either.Anonymoushttps://www.blogger.com/profile/08968856737368353314noreply@blogger.comtag:blogger.com,1999:blog-385626179821720396.post-73580415139716848562011-02-15T11:49:01.877-08:002011-02-15T11:49:01.877-08:00for router->asa or asa -> asa use ipsec tunn...for router->asa or asa -> asa use ipsec tunnels.Roggyhttps://www.blogger.com/profile/01784711598028652715noreply@blogger.comtag:blogger.com,1999:blog-385626179821720396.post-48971384073281364802011-02-15T01:16:26.744-08:002011-02-15T01:16:26.744-08:00Hi Roggy,
Great tutorial.
But I am looking for in...Hi Roggy,<br />Great tutorial.<br /><br />But I am looking for info, if is it possible to configure LAN-to-LAN L2TP tunnel between Cisco router and ASA, or maybe between two ASAs?<br /><br />Best regards,Unknownhttps://www.blogger.com/profile/02874074651350291701noreply@blogger.comtag:blogger.com,1999:blog-385626179821720396.post-14336227724283558712009-09-22T15:18:02.757-07:002009-09-22T15:18:02.757-07:00Ooo interesting approach. Ill have play and get ba...Ooo interesting approach. Ill have play and get back to you :)Roggyhttps://www.blogger.com/profile/01784711598028652715noreply@blogger.comtag:blogger.com,1999:blog-385626179821720396.post-76425495780399228502009-09-20T00:30:05.048-07:002009-09-20T00:30:05.048-07:00Hi Roggy
You are using F1/0 for applying the cryp...Hi Roggy<br /> You are using F1/0 for applying the crypto map and also as local interface in the pseudowire class, i don't believe this can work 100% correctly in terms of what process would be applied first since you can not prioritize the order of operations. The target scenario would be L2TP interesting traffic to fire up the IPsec then L2TPv3 traffic is encapsulated with IPsec {|ESP||L2TPv3||DATA|}. It's better to use a separate interface for L2TP , eg configure a loopback interface on R1 R2 R3 and use it as local interface in the pseudowire class. For classification don't use udp port 1701 but protocol 115 (L2TP) ; access-list 100 permit 115 R1 Lo0 -> R2 Lo0 and apply ACL in CRYPTO map for match.I m running some tests with dynamips and seems to be working fine with this approach (using also NAT as i m interested in real deployment scenario):<br /><br />CE1<-->PE1<-->ASBR1<--->INTERNET<--->ASBR2<-->PE2<-->CE2<br /><br />BR<br />Orestis46Unknownhttps://www.blogger.com/profile/04073696663196110122noreply@blogger.com