Data Encryption Options over Private P2P Circuits

Unanswered Question
Aug 19th, 2008
User Badges:


My customer would like to encrypt traffic across all our private P2P circuits. We have a hub-spoke topology with 50 spoke routers per one hub router. After some searches, I narrowed down to these options:

GET (Group Encryption Transport): This is exactly what we want except it only works on 12.4T. No go.

P2P IPsec over GRE: a pain to set it up with multiple P2P circuits on the hub router. No go.

DMVPN: easier to set it up than P2P IPsec over GRE. This might work.

Are there other options available for me to simply encrypt traffic without setting up tunnels? By the way, it has to be done from the current router, cannot purchase additional hardware.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joseph W. Doherty Tue, 08/19/2008 - 14:24
User Badges:
  • Super Bronze, 10000 points or more

Don't have a suggestion on other alternatives. However, if you can't purchase hardware, and your current hardware doesn't support hardward encryption, just want to insure you're aware that you might see a huge drop in performance. Tue, 08/19/2008 - 14:55
User Badges:

Thank Jose. We have 2800 and 3800 so we are ok in term of performance.

Anyone else has any suggestion?

merryllem Tue, 08/19/2008 - 17:29
User Badges:

How about PPP encryption on the actual WAN link? Tue, 08/19/2008 - 18:36
User Badges:

Thanks Merry. I tried to find any reference to how to configure PPP encryption and there isn't too much information about it. Does IOS suppose this?


This Discussion