configuring VPNs to 150+ branches

hi all,

we are planning to have a new 3845 ISR at our head-office and replace all leased line connections to VPN connections from the service provider. currently the leased lines are terminating to a set of 3660 E1 interfaces.

the service provider is having a MPLS/BGP IP-VPN, so it will be a peer-2-peer VPN. since we are a banking institution, we do not want to rely on the service-providers L3-VPN.

my question is, how can we achieve encryption from our new router to all branches and what will be the ideal IOS and AMI or VPN specific modules we ought to have?

thanks

uddika

1 Accepted Solution

Sorry I am confused - you said on the original post

"my question is, how can we achieve encryption from our new router to all branches and what will be the ideal IOS and AMI or VPN specific modules we ought to have?"

But you also stated "the service provider is having a MPLS/BGP IP-VPN, so it will be a peer-2-peer VPN. since we are a banking institution, we do not want to rely on the service-providers L3-VPN. "

Just so I am clear - your provider will encrypt the data for you across the MPLS cloud. And you are not happy with that - so you want to perform your own encryption then send it to your service provider? Essentially you want to encrypt it twice - is this correct?

7 Replies

thanks,

but we are the customer, so what i'm looking at is some recommendations and designs on IPSec - GRE

rgds,

uddika

hi,

i don't think that a MPLS/BGP IP-VPN does any form of encryption. it only segregates our routes from the rest of the customers of the service provider. it is a L3 routing table separation.

thanks,

uddika

guess this can be done from GRE and using IPSec to encrypt traffic. i have not checked this opened discussion for a long time. it is resolved now.

How did you accomplish this one more time?

i am trying to understand the configuration through another discussion. see my other post on

basic GRE IPSec configuration question
