03-10-2009 04:09 AM
hi all,
we are planning to have a new 3845 ISR at our head-office and replace all leased line connections to VPN connections from the service provider. currently the leased lines are terminating to a set of 3660 E1 interfaces.
the service provider is having a MPLS/BGP IP-VPN, so it will be a peer-2-peer VPN. since we are a banking institution, we do not want to rely on the service-providers L3-VPN.
my question is, how can we achieve encryption from our new router to all branches and what will be the ideal IOS and AMI or VPN specific modules we ought to have?
thanks
uddika
03-10-2009 09:47 AM
See the below config example for a MPLS VPN.
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00800a6c11.shtml
HTH
03-11-2009 08:51 PM
thanks,
but we are the customer, so what i'm looking at is some recommendations and designs on IPSec - GRE
rgds,
uddika
03-12-2009 02:38 AM
Sorry I am confused - you said on the original post
"my question is, how can we achieve encryption from our new router to all branches and what will be the ideal IOS and AMI or VPN specific modules we ought to have?"
But you also stated "the service provider is having a MPLS/BGP IP-VPN, so it will be a peer-2-peer VPN. since we are a banking institution, we do not want to rely on the service-providers L3-VPN."
Just so I am clear - your provider will encrypt the data for you across the MPLS cloud. And you are not happy with that - so you want to perform your own encryption then send it to your service provider? Essentially you want to encrypt it twice - is this correct?
07-06-2009 12:02 AM
hi,
i don't think that a MPLS/BGP IP-VPN does any form of encryption. it only segregates our routes from the rest of the customers of the service provider. it is a L3 routing table separation.
thanks,
uddika
12-21-2010 01:24 AM
guess this can be done from GRE and using IPSec to encrypt traffic. i have not checked this opened discussion for a long time. it is resolved now.
12-21-2010 10:12 AM
How did you accomplish this one more time?
12-21-2010 09:42 PM
i am trying to understand the configuration through another discussion. see my other post on