Cisco → [Config] LAN Extension L2 config help

So the challenge I have: I have two locations, my primary server location and a Colo space. The Colo space is to host my emergency restore systems. This equipment consists of a SAN, and a VMServer. The VMServer is to host both the 10.4.0/24 and the 10.5.0.0/24 systems. In order to make this transparent to the user if my local system go down my VMServer is ready to take the same requests while slightly slower.
To accomplish this I am trunking the traffic from E1 & A1 into AE1. That traffic is then to be encrypted at AE2 via L2 VPN and sent to AE3 via L2 link provided by my ISP (C1). AE3 will then decryped the data and send it to AE4. AE4 will then break the trunk out into seperate VLANs for the 10.5.0.0/24 & 10.4.0.0/24 subnets.

That's the idea now here is the issue. I have yet to be able to setup the L2 connection between the two routes AE2 & AE3. I don't know why I am having a hard time with this. I haven't even started on the configs for AE1 yet, I am simply trying to connect two LAN segments via L2 VPN in my lab at this time and am not having any luck. In short I want to extened my LAN to my Colo.

E1.
VMServer on the 10.4.1.0/24 subnet.

A1.
VMServer on the 10.5.0.0/24 subnet.

AE1.
Cicso 1950 Cat running LanLite-M 12.2.

AE2.
Cisco 2811 runnning Advanced Enterprise 15.0.

AE3.
Cisco 2811 runnning Advanced Enterprise 15.0.

AE4.
Cicso 1950 Cat running LanLite-M 12.2.

AE5.
VM Server with 4 LAN ports. Two (2) for SAN. One (1) for the 10.4.1.0/24 network. One (1) for the 10.5.0.0/24 network.

is the link between the two edge routers a simple l2vpn from your carrier?
are you wanting to run crypto over this link?

q.

Yes & Yes.

Thanks for taking the time to reply.

something like this will get you pointed in the right direction.
essentially -- you're just going to be doing atom-o-gre-o-ipsec.

»w.ntwk.cc/working-on-atompls/

q.

Thanks! I saw some atom references today but it all seemed to relate to a higher class of equipment than the 2811.

Thanks for the info I'll dig in tomorrow.

I had thought I was on the correct track looking into pseudowire and connect but couldn't quite get my head around it.

its mostly about the code rev that you have on your router.
i've got a grip of 1841's in my lab that are all running advanced enterprise that all support it.

q.

I will have to lab this. Looks very interesting.

I doubt a 2811 is going to handle 100mbps of crypto and be able to route 100mbps at the same time.

Is there a hard requirement for crypto?

Also AFAIK the 2811 cant do MPLS pseudowires, but you should be able to do an L2TPv3 based pseudowire.

And of course, if this is indeed an L2 circuit between your two sites, why even have a router between them at all?

checking on this right now -- but i believe it can -- as atom as discussed in my ccie r/s prep guides.

q.

just checked -- and i'm running on my 1841s now.

r1#sh ver
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 15.1(4)M6, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 14-Feb-13 03:21 by prod_rel_team
 
r1#sh run 
Building configuration...
...
pseudowire-class ATOM
 encapsulation mpls
!
! 
!
!
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!         
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 xconnect 1.1.1.2 1 pw-class ATOM
!
...
router ospf 1
 router-id 1.1.1.1
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.1.1 0.0.0.0 area 0
...
mpls ldp router-id Loopback0
...
end
 
r1#sh xconnect all
Legend:    XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
  UP=Up       DN=Down            AD=Admin Down      IA=Inactive
  SB=Standby  RV=Recovering      NH=No Hardware
 
XC ST  Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
UP     ac   Fa0/1(Ethernet)              UP mpls 1.1.1.2:1                    UP
 

you do bring up a good point of the 100m throughput on the 2811 -- which won't happen with crypto, but the config is possible.

q.

AFAIK its all of the ISRs. I certainly couldnt do it on a 12.4 image when I tried. Minimum box I could conjure it up on was a 7400.

I would love to be proven wrong though, that would just be awesome.

I did do a L2TPv3 PW between a 2800 and a 2600XM one time though.

i believe you need advanced ip services or greater for mpls services

see above. it works.

q.

Well thats just freakin awesome.

Pretty sure I was using Adv IP when I tried. Maybe it just wasnt there in 12.4, or maybe Im just completely crazy (highly probable...)

all of my kit runs ent services. i can try to downgrade to see.
i know i was running t-train before. maybe mainline doesnt have it in 12.4.

either way -- i use the x-connect bits quite a bit when i am hacking through stuff

q.