Yes this is possible. The STUN feature takes the serial traffic and encapsualates it in IP. The tunnel configuration has the facility for applying an IP address, this is the source address the tunnel uses. So in your crypto map define the IP address that you use for the source and destination of the tunnel, and then it will be encrypted.
interface Serial1/0
description STUN to Remote
ip address 10.1.2.3 255.255.255.0
encapsulation stun
serial restart-delay 0
nrzi-encoding
clockrate 64000
stun group 10
stun sdlc-role primary
sdlc address C1
stun route address C1 tcp 172.16.255.250 local-ack
In this example the tunnel addresses are (SRC) 10.1.2.3 (DST) 172.16.255.250
You dont need any additional hardware or software so long as your router supports STUN and IPSec.
Andy