I have been very unsuccessful in finding a solution to this issue and am begining to believe that it is not possible...well, at least as we would like to do it.
Our situation: We have a 6509-E (SUP-720, VSPA) that is the hub to several 2960's connected (dot1Q) to remote sites (2-13 miles away) via our own fiber (no ISP).
Our objective: We are wishing to encrypt the traffic over that fiber to help us comply with DoD requirements. We have some 3825's that we would like to place at each of the sites in front of the 2960's.
Our problem: We do not want to have to route the traffic. We have several VLANs distributed at each of those sites. These VLANs are required to separate the data from eachother, again to help comply with DoD requirements.
Is this doable? If so, where can I get some additional info?