Encryption with Bridging

Unanswered Question
May 19th, 2007


We have a client asking to do something I do NOT think is possible but I may be wrong. Two sites, NY and LA. BOTH are using the private block 10.10.10.X /24. They are currently NOT connected but will be via a 10Mb fiber link. Thus, layer two... They wish to ENCRYPT traffic across this "bridged" link... Has anybody done this before and/or is it even possible?? The goal is essentially to PROTECT the firm from the carrier providing the layer two fiber!! Ideas please!!!

Paolo Bevilacqua Sat, 05/19/2007 - 08:39

Encryption won't work with bridging.

Once your customer uses two different IP subnets, you can encrypt traffic using IPsec.

Hope this helps, please rate post if it does!

netsec123 Sat, 05/19/2007 - 08:59

Thank you. :) Would you know of 'any' way - even non-Cisco - that will facilitate the easiest way to get this link encrypted? Just wondering?



Paolo Bevilacqua Sat, 05/19/2007 - 10:39


Considering that a pair of Cisco 870 series routers, modestly priced, will provide encryption speed of 8 Mbps, I think that is the best way to do it. If you need to connect directly to the fiber, the price will be higher and you would need to mention here the physical access characteristics of the link.

Thanks for the nice rating and good luck!

netsec123 Sat, 05/19/2007 - 16:01

But wait... I'm sorry... won't that mean that we will need to have a different subnet on both sides? Can we bridge?

Paolo Bevilacqua Sat, 05/19/2007 - 23:29


As a consultant/vendor, the best favor you can do for your customer is to convince him to renumber and help in the process.

All other hypotheses are kludges that will only generate complications and trouble.

Good luck!

netsec123 Sun, 05/20/2007 - 05:06

You are 1000% correct!!! Believe me, I am trying! :) And, thank you so much for the URLs. I am going through them now. ;)
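
The approach recommended in the replies above (renumber one site, then route and encrypt with IPsec) could look like the following classic IOS crypto-map configuration. This is an added example, not configuration posted by anyone in the thread. Assumptions: LA is renumbered to 10.10.20.0/24, the carrier hands the fiber off as Ethernet, the link addresses 192.0.2.1 and 192.0.2.2 are constructed documentation addresses, the interface names FastEthernet4 (WAN) and Vlan1 (LAN) are illustrative, and the pre-shared key is a placeholder.

```cisco
! ---- NY router: LAN stays 10.10.10.0/24 ----
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 5
crypto isakmp key <PRESHARED-KEY-PLACEHOLDER> address 192.0.2.2
crypto ipsec transform-set NY-LA esp-aes 256 esp-sha-hmac
! Crypto ACL selecting traffic to protect. It only works because the
! local and remote prefixes differ. With 10.10.10.0/24 on both ends,
! hosts would ARP for each other instead of forwarding to the router,
! and the ACL could not tell local traffic from remote.
access-list 110 permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
crypto map FIBER 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set NY-LA
 match address 110
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
interface FastEthernet4
 description Carrier layer-2 handoff, treated as untrusted
 ip address 192.0.2.1 255.255.255.252
 crypto map FIBER
ip route 10.10.20.0 255.255.255.0 192.0.2.2
!
! ---- LA router: LAN renumbered to 10.10.20.0/24 (assumed) ----
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 5
crypto isakmp key <PRESHARED-KEY-PLACEHOLDER> address 192.0.2.1
crypto ipsec transform-set NY-LA esp-aes 256 esp-sha-hmac
! Mirror image of the NY crypto ACL
access-list 110 permit ip 10.10.20.0 0.0.0.255 10.10.10.0 0.0.0.255
crypto map FIBER 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set NY-LA
 match address 110
interface Vlan1
 ip address 10.10.20.1 255.255.255.0
interface FastEthernet4
 description Carrier layer-2 handoff, treated as untrusted
 ip address 192.0.2.2 255.255.255.252
 crypto map FIBER
ip route 10.10.10.0 255.255.255.0 192.0.2.1
```

With this in place the carrier sees only ESP packets between the two link addresses; `show crypto ipsec sa` on either router should show the encrypt and decrypt counters rising as site-to-site traffic flows.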

