Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to Secure MPLS VPN ?

As in IP sec we can secure VPN with some encryption,But in MPLS how should i provide

Secure VPN.


Re: How to Secure MPLS VPN ?

MPLS VPN are already secured be seperating VPNs from each other. However, if desired, you can still configure IPSec from one CE to another CE for additional security. The MPLS core does not deny you this capability.

New Member

Re: How to Secure MPLS VPN ?

Thanks....for reply.

But if i configured IPSec form Ce to Ce it will be like overrealy VPN...Correct.

Than in this case no role of it ?


Re: How to Secure MPLS VPN ?

See this culled from the RFC (4364). I think it explains it.

1.6. Security

VPNs of the sort being discussed here, even without making use of

cryptographic security measures, are intended to provide a level of

security equivalent to that obtainable when a layer 2 backbone (e.g.,

Frame Relay) is used. That is, in the absence of misconfiguration or

deliberate interconnection of different VPNs, it is not possible for

systems in one VPN to gain access to systems in another VPN. Of

course, the methods described herein do not by themselves encrypt the

data for privacy, nor do they provide a way to determine whether data

has been tampered with en route. If this is desired, cryptographic

measures must be applied in addition. (See, e.g., [MPLS/BGP-IPsec].)

Security is discussed in more detail in Section 13.