Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Capabilities for Site-to-Site IPSEC tunnel

Greetings,

I have what is probably a very basic question regarding the capabilities of a Cisco router for creating a Site-to-Site IPSEC tunnel between two sites.  The system involved is a mainframe and one of its ethernet connections handles both server traffic and high-speed printing traffic.  There is a new requirement to split the print traffic off and encrypt it, but at the same time maintain the existing, single ethernet connection from the mainframe for both servers and printers.  My thought is a Cisco router could be configured to create an IPSEC tunnel for the print traffic and split it out from the server traffic.  In this way, instead of the mainframe being connected straight to switched network, as it is now, it would be plugged to an ethernet interface on the router.  Then an IPSEC tunnel could be created with the IOS that would send the print traffic through the network to a peer IPSEC router where the printers are located.  The server traffic would be passed to the switched network as is.  The router at the mainframe end would connect to the same, single inteface on switched network that it does now.

Is this a feasible setup?  If so, what router family could provide this funtionality?

Thanks and regards.

Nick

1 ACCEPTED SOLUTION

Accepted Solutions
Purple

Capabilities for Site-to-Site IPSEC tunnel

Hi,

of course you can decide which IP traffic to send through the VPN tunnel either with a crypto ACL or if using VTI based VPN by not sending non VPN traffic on the VTI interface.

All routers doing IPSec VPNs can achieve this.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
2 REPLIES
Purple

Capabilities for Site-to-Site IPSEC tunnel

Hi,

of course you can decide which IP traffic to send through the VPN tunnel either with a crypto ACL or if using VTI based VPN by not sending non VPN traffic on the VTI interface.

All routers doing IPSec VPNs can achieve this.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Capabilities for Site-to-Site IPSEC tunnel

Thanks very much Alain, this is exactly the information I needed.

Regards,

Nick

156
Views
0
Helpful
2
Replies
CreatePlease login to create content