Claro, es ciertamente posible. Básicamente, deberá configurar un mapa criptográfico para capturar y cifrar el tráfico L2TP. La configuración psuedowire \ L2TP se puede conectar a una interfaz Virtual-PPP. Aquí hay un fragmento de configuración que debería ayudarlo.
! Basic ISAKMP\IPSec configuration, tweak as needed.
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 4000
!
crypto isakmp key *preshared key* address 1.2.3.4
!
crypto ipsec transform-set ESP-AES256-SHA1 esp-aes 256 esp-sha-hmac
mode transport
!
! Crypto map that will catch our L2TP Traffic defined in the L2TP_TRAFFIC ACL.
!
crypto map L2TP_VPN 10 ipsec-isakmp
set peer 1.2.3.4
set transform-set ESP-AES256-SHA1
match address L2TP_TRAFFIC
!
! Match the L2TP traffic.
!
ip access-list extended L2TP_TRAFFIC
permit udp host *Outbound IP* eq 1701 host 1.2.3.4 eq 1701
!
! Apply the crypto map to the outbound\internet facing interface.
!
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
crypto map L2TP_VPN
!
! Define the psuedowire class that will speak L2TP and the source interface.
!
pseudowire-class L2TP_PW
encapsulation l2tpv2
ip local interface FastEthernet0/0
!
! Create Virtual-PPP interface to bind the psuedowire class to.
!
interface Virtual-PPP1
description L2TP Tunnel
ip address negotiated
ppp chap hostname *User Name*
ppp chap password *Password*
ppp ipcp address accept
pseudowire 1.2.3.4 1 pw-class L2TP_PW
También deberá agregar NAT y \ o enrutamiento relevantes para su escenario.