[c-nsp] L2TP again
Bernd Ueberbacher
noc at mynet.at
Wed Jul 25 08:37:17 EDT 2007
Rodney Dunn wrote:
> On Wed, Jul 25, 2007 at 11:17:09AM +0200, Bernd Ueberbacher wrote:
>
>> Hi there!
>>
>> My L2TPv3 tunnel is currently running fine, but I have two short but
>> stupid questions:
>>
>> Is it possible to interfere the L2TP traffic with access-lists?
>>
>
> No. Not on the access side.
>
Is there any way to deny some specific traffic on a l2tp link?
>> I have to xconnect to the LAN address of the router. On the LAN side I
>> just have a few /30 networks but nothing else. Should I pick one of the
>> IPs from those networks to xconnect to or is it allowed to xconnect to
>> the NETWORK ADDRESS of the /28 network on my LAN side? This seems better
>> to me than using one of the real /30 IPs, but I don't wanna break the
>> law/some RFC *G*
>>
>
> You should do your xconnects to loopback addresses that are routed
> between the two tunnel endpoints.
>
That was just a thought. My "Layer 2 VPN Architectures" book also has
the same opinion and so I guess I should be listening to you ;-)
Thanks!
Bernd
More information about the cisco-nsp
mailing list