07-20-2010 03:18 AM - edited 03-04-2019 09:07 AM
Hi guys,
I am in the situation of connecting two buildings with 2x34 Mbps links and I am being requested to encrypt the data traffic, but not the voice traffic.
I have 4x3845s for this task and I have some ideas on how to do it, but if you can guide me in the right direction, maybe those of you that have already dealt with this!
The data transfer will consist in file copying on FTP or RDP sessions from one building to the other, cross backup between these sites only.
Thanks,
Regards,
Vlad
07-20-2010 05:12 AM
Vlad
If you have 2 circuits and 4 routers then an appealing solution would be to use Policy Based Routing to send voice traffic over one circuit and send data traffic over the other circuit. You could then configure IPSec VPN on the data circuit which would encrypt the data traffic.
HTH
Rick
07-20-2010 05:27 AM
Adding to Rick's reply:
If you still have one outgoing connection and you would like the data to be encrypted without the voice, just have your IPsec VPN configuration as normal, and configure your interesting traffic to match data traffic only, without the voice.
With the above, the data traffic will be sent to the destination encrypted while the voice traffic will be sent unencrypted.
HTH
Mohamed
07-20-2010 05:38 AM
Thank you both!
I would have some unclarity tho'.
I have 2 routers @ one site and 2 routers @ the other site, 2 links between these routers. If I do policy routing and route traffic based on destination, how will one router know if the other router is down or unreachable?
I have never done this before so I am thinking which would be the most appropriate and practical solution for me.
Vlad
07-20-2010 05:49 AM
Vlad
If you need to provide redundancy that does complicate the situation a bit. I think that you could probably set up IP SLA to track reachability through the other router at the site.
I had thought about the suggestion of having the access list in IPSec VPN to identify interesting traffic deny voice traffic and permit data traffic, and that is a very reasonable approach. If you took this approach perhaps you could then run some routing protocol which could detect when the other router at a site had lost its connection between sites.
HTH
Rick
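Added example, not part of any post in this thread: a sketch of the approach discussed above for one Site A router, with a crypto ACL that denies voice and permits data, plus an IP SLA track on the inter-site link. All addresses, names, the interface and the pre-shared key placeholder are constructed; it assumes voice phones sit in their own subnets (10.1.100.0/24 and 10.2.100.0/24) and IOS 15.x syntax (12.4 releases use `ip sla monitor` and `track 1 rtr 1 reachability`).

```cisco
! --- IKE phase 1 (constructed peer 192.0.2.2 = far-end router) ---
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.2
!
crypto ipsec transform-set DATA-TS esp-aes 256 esp-sha-hmac
!
! --- Interesting traffic: order matters, first match wins ---
! deny   = bypass this crypto map entry, forwarded in clear (voice)
! permit = must be protected by IPsec (data)
ip access-list extended CRYPTO-DATA
 deny   ip 10.1.100.0 0.0.0.255 10.2.100.0 0.0.0.255
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
crypto map BLDG-VPN 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set DATA-TS
 match address CRYPTO-DATA
!
! Interface name is an assumption for the 34 Mbps link
interface Serial1/0
 ip address 192.0.2.1 255.255.255.252
 crypto map BLDG-VPN
!
! --- Track the far end of this link with IP SLA ---
ip sla 1
 icmp-echo 192.0.2.2 source-interface Serial1/0
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
! Primary route is withdrawn when the probe fails; the floating
! static then sends traffic to the other router at this site
! (constructed LAN address 10.1.0.2).
ip route 10.2.0.0 255.255.0.0 192.0.2.2 track 1
ip route 10.2.0.0 255.255.0.0 10.1.0.2 250
```

The far-end router needs the mirror image of `CRYPTO-DATA` (source and destination swapped), otherwise the two sides disagree on what to encrypt. After bringing it up, `show crypto ipsec sa` should show the encaps/decaps counters rising for data flows and not for calls between the voice subnets.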
07-20-2010 06:00 AM
Rick,
Thanks a lot!
Yes, I was giving this a thought and I think I am going to stick to this approach. I was thinking of this as well, but I was not sure it would be the best, but it seems to me I do not really have too many options to choose here.
And frankly I don't want anything that would complicate my life too much!
Regards,
Vlad