Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Is RFC2547bis VPN over IPSEC Core being implemented in Cisco ?


We have a legal requirement that oblige us to keep confidentiality in our internal IP network (there are scenarios in which ES have no way to encrypt the sensitive data). We are evolving to a MPLS backbone with PE in each PoP of our company and we want to associate VLAN to VRF (we wnat to segregate our internal IP network with multiple VPN) . So there are no CE.

A very small percentage of the IP flows must be encrypted but they can belong to different VPN.


(1) E. Rosen says in RFC2547bis that we can run L3VPN over non MPLS core like GRE or IPSEC Core. Do you now in Cisco has implemented any L3-VPN over IPSEC Core ?

(2) In case that it was already implemented do you think that a PE could work simultaneously with an MPLS Core and an IPSEC Core ?

Ideally we would like to have per PE-PE couple

* One LSP tunnel for non-sensitive traffic.

* One IPSEC tunnel for sensitive data.

and being able to control trough extended ACL (maybe PBR per VRF) which tunnel to take.

Thank for your help.


Re: Is RFC2547bis VPN over IPSEC Core being implemented in Cisco

Cisco supports MPLS VPN over GRE already and I am pretty much sure that the PE can participate in both MPLS and non-MPLS core.