How do I secure this scenario?
1) Site A has a 2821 router and an IP connection to site C's 2821 across another organization's IP network.
2) Site B has a 2821 router with an MPLS connection to site C's 2821.
This is easy enough to connect and get working clear text connections and GRE tunnels, but I'm leaving my network open to the other organization or to the MPLS service provider.
I'm thinking some flavor of encryption between the routers with GRE tunnels for routing the actual traffic.
Thank you in advance for any recommendations and config examples.
You can deploy a separate ACL on the physical interface, which allows only the tunnel itself (UDP/500 and ESP). The ACL on the VTI would control the traffic through the tunnel.
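A sketch of the two-ACL layout described in the reply above, written as Cisco IOS configuration for the site C router. It is an added example, not a config from either poster. Every address (documentation ranges), interface name, ACL name, profile name, LAN subnet and the key placeholder is an assumption, and it assumes no NAT between the two routers.

```cisco
! Constructed example: site C end of one IPsec VTI (peer = site A).
! 192.0.2.1 = this router's outside address, 192.0.2.2 = peer (assumed).
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.2
!
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha-hmac
crypto ipsec profile VTI-PROFILE
 set transform-set TS-AES256
!
! ACL 1: physical interface. Only the tunnel itself gets in:
! IKE (UDP/500) and ESP from the known peer, everything else is dropped.
ip access-list extended OUTSIDE-IN
 permit udp host 192.0.2.2 host 192.0.2.1 eq isakmp
 permit esp host 192.0.2.2 host 192.0.2.1
 deny ip any any log
!
! ACL 2: tunnel interface. Controls the decrypted traffic that arrives
! through the tunnel (assumed LANs: 10.1.0.0/16 at site A, 10.3.0.0/16 here).
! Add a permit for your routing protocol if one runs over the tunnel.
ip access-list extended VTI-IN
 permit ip 10.1.0.0 0.0.255.255 10.3.0.0 0.0.255.255
 deny ip any any log
!
interface GigabitEthernet0/0
 description Link toward the other organization's network (assumed name)
 ip address 192.0.2.1 255.255.255.252
 ip access-group OUTSIDE-IN in
!
interface Tunnel0
 description IPsec VTI to site A
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE
 ip access-group VTI-IN in
```

The site B tunnel over the MPLS link would repeat the same pattern on a second tunnel interface, with its own peer address in both ACLs.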