Chapter 12
Securing L2TP and IP Tunnels with IPSec
This chapter describes how to secure generic routing encapsulation (GRE), Distance
Vector Multicast Routing Protocol (DVMRP), and Layer 2 Tunneling Protocol (L2TP)
tunnels with IP Security (IPSec) on your E Series router. It contains the following
sections:
Overview
Platform Considerations
References
L2TP/IPSec Tunnels
GRE/IPSec and DVMRP/IPSec Tunnels
Configuring IPSec Transport Profiles
Monitoring DVMRP/IPSec, GRE/IPSec, and L2TP/IPSec Tunnels
Overview
You can provide additional security to L2TP and IP tunnels by protecting them with
an IPSec transport connection. Secure IP interfaces are virtual IP interfaces that are
configured to provide confidentiality and authentication services for the traffic flowing
through the interface; that traffic can be L2TP, GRE, and DVMRP tunnel traffic. See
"Configuring IPSec" on page 125 for detailed information about IPSec.
GRE, DVMRP, and L2TP over IPSec provide security only between tunnel endpoints;
they do not provide end-to-end security. For end-to-end security, you need additional
security for the connection beyond the router.
Tunnel Creation
ERX routers can have both unsecured GRE, DVMRP, and L2TP tunnels and tunnels
that are secured by IPSec. However, unsecured L2TP tunnels are not allowed on the
ISM. You use the following commands to create a secure tunnel:
L2TP tunnels: Use the enable ipsec transport command in the L2TP destination profile
GRE and DVMRP tunnels: Use the ipsec-transport keyword in the interface tunnel command