Yes it is point to point.But I also need IPSEC with L2VPN.I have already been using L2TP/IPSEC now but throughput is low for my expectation.I want to know another alternatives L2VPN methods.if I create a MPLS network and configure VLL with IPSEC,does it means that we will able to carry more traffics than L2TP/IPSEC?

for IPSEC,We have to use L2TP for L2 traffics?What is the alternatives methods to transmit L2 traffics?

500Mb/s of crypto is a lot. What sort of hardware are you trying to do this with?  You are going to need something quite big.

I personally like using L2TPv3 for site to site L2.  Nice and simple.  Because L2TP runs over IP it can run over IPSec.

Is the transport between your two sites capable of larger than 1500 byte MTUs so you can avoid fragmentation?

we are carrying less than 1500 packets.So I think MTU and fragmentation isnt so important.I am using L2TPv3 too and as you said that it is really simple.But L2TP/IPSEC decreases the transport data as you know.Do you use L2TP/IPSEC?if yes,could you please share the configurations with me please?

Also Have you ever tried the GRE over IPSEC or MPLS over IPSEC?Any experiences?

regards

I've done it using a VTI between two routers and run L2TPv3 over that.

What sort of device are you attempting to do the crypto on?

I am trying with Cisco 3845.it supports up to 150Mbps.

maybe I may buy ASR1000 Cisco router because I have researced it on internet and I think it can support up to 2,5G with L2TP/IPSEC.

Any of the ASR 1k's should be able to do that.

http://www.cisco.com/c/dam/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/Miercom-ASR1000.pdf

http://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/qa_c67-452124.html

I have ordered ASR 1000 and I think I wil get it in a few days.I will create a L2TP and protect it with IPSEC.I've examine some configurations on internet about L2TP/IPSEC.All of them are different from each others.forexample Do I have to use "ip pmtu" commands?Because my packets are very low(max. 200 bytes)

or if you have a configuration,we can discuss about it here if it ok for you too.

regards

If your packets are going to be that small you wont have to worry about MTU.

I send a simple topology as attachment.There wont be any IP address between R1 to R2 and R3 to R4.Just there is IP addresses between R2 and R3.

I am using ME circuits and may be ISP can help me this issue.if I prefer to have dot1q tunneling methods between R2 to R3 with VLANs,How Can I transmit L2 data from R1-R2 to R2-R3?

Shortly R1-R2..........L2 data will be trasmitted

     R2-R3..........ISP will create a VLANs and I will create a VLANs.the dot1q tunnelling will be builted and encrypted by IPSEC.

            R3-R4..........L2 data will be obtained again

An ISR 4451 (which replaced the 3900's which replaced the 3800 you have) should also be able to do it.  You need to make sure to buy the HSEC licence to get the higher crypto throughput as well.

http://www.cisco.com/c/en/us/products/routers/4000-series-integrated-services-routers-isr/models-comparison.html

My first choice would be an ASR 1k though.  If price was an issue the 4451 would be the second choice.