[c-nsp] L2TPv3 Passwords Being Re-encrypted?

Jeffrey Ollie jeff at ocjtech.us
Fri Feb 8 10:45:39 EST 2008


I got a pair of 2811s yesterday that are going to be providing a
L2TPv3 tunnel between two VLANs across our WAN (some crazy department
bought an application that needs to be deployed at two different
campuses yet they need to be on the same L2 VLAN).  Anyway, I've got
the 2811s up and running in my lab (AKA known as some free horizontal
space on my desk) and the L2TPv3 tunnels seem to be working.  However,
as is my normal practice, I've configured RANCID to monitor the
configs of these routers and the encrypted passwords assigned to the
L2TPv3 tunnels change every time RANCID copies the config. The
underlying unencrypted password doesn't change (verified by decrypting
the password with one of the various tools available on the web) - the
router seems to be re-encrypting the password frequently - in fact
every few minutes.  Is this normal for L2TPv3 tunnels?  Both routers
are running 12.4(18) and have "service password-encryption" enabled.

Jeff


More information about the cisco-nsp mailing list