Encrypt traffic generated on a remote router?

Will a router encrypt traffic from a segment it is not directly connected to?

I created the following example to explain my question:

The subnet for all segments is 255.255.255.0

router2010 services the 10.20.10.0 ethernet segment

and has a link using 10.150.0.0 segment to router2020

router2020 services the 10.20.20.0 ethernet segment

and has a link using the 10.51.0.0 segment to router30

router30 services the 10.30 ethernet segment

I want to encrypt all traffic between both 10.20 segments and the 10.30.0.0 segment only between router2020 and router30.

My access list on router2020 reads as follows:

ip access-list extended R2020TO30-encryption
 permit ip 10.20.0.0 0.0.255.255 10.30.0.0 0.0.255.255

My access list on router30 reads as follows:

ip access-list extended R2020TO30-encryption
 permit ip 10.20.0.0 0.0.255.255 10.30.0.0 0.0.255.255

Will router2020 encrypt traffic from 10.20.10.0 segment even though that traffic does not originate on a segment directly connected to router2020?

Or do I have to set up an encryption between router2010 and router30 to accomplish that?

Where can I find information about this?

Thanks,

Mark


Re: Encrypt traffic generated on a remote router?

Mark

Am I correct in assuming that when you speak of encrypting traffic that you are talking about using IPSec?

A router does not need to be directly connected to a segment to be able to do IPSec encryption for that segment. So in your example I do not see a problem to have router 2020 encrypt traffic with source address 10.20.10.0 and 10.20.20.0.

One detail: I would revise the access list on router 30:

permit ip 10.30.0.0 0.0.255.255 10.20.0.0 0.0.255.255

on router 30 the source addresses will be 10.30 and the destination addresses will be 10.20.

HTH

Rick
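
The two points in the reply above can be checked offline with the following added example (not part of the thread and not Cisco code): a crypto ACL entry matches on the packet's source and destination addresses, wherever the packet originated, and the entries on the two peers should be mirror images. The ACL lines are quoted from the thread; the host addresses and all function names are constructed for the illustration.

```python
import ipaddress
import re

ACE_RE = re.compile(r"permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")
MASK32 = 0xFFFFFFFF

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_ace(line):
    """Parse 'permit ip <src> <wildcard> <dst> <wildcard>' into a normalized tuple."""
    m = ACE_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"unsupported ACL entry: {line!r}")
    src, src_wc, dst, dst_wc = map(_ip, m.groups())
    # Clear the "don't care" bits so equivalent entries compare equal.
    return (src & ~src_wc & MASK32, src_wc, dst & ~dst_wc & MASK32, dst_wc)

def selects(ace, src_ip, dst_ip):
    """True if a packet src_ip -> dst_ip matches the entry (selected for encryption)."""
    src, src_wc, dst, dst_wc = ace
    return ((_ip(src_ip) & ~src_wc & MASK32) == src
            and (_ip(dst_ip) & ~dst_wc & MASK32) == dst)

def is_mirror(ace_a, ace_b):
    """True if ace_b is ace_a with source and destination swapped."""
    src, src_wc, dst, dst_wc = ace_a
    return ace_b == (dst, dst_wc, src, src_wc)

# ACL entries quoted from the thread.
R2020 = parse_ace("permit ip 10.20.0.0 0.0.255.255 10.30.0.0 0.0.255.255")
R30_POSTED = parse_ace("permit ip 10.20.0.0 0.0.255.255 10.30.0.0 0.0.255.255")
R30_REVISED = parse_ace("permit ip 10.30.0.0 0.0.255.255 10.20.0.0 0.0.255.255")

if __name__ == "__main__":
    # Host addresses are constructed sample values, one per segment.
    for src in ("10.20.10.5", "10.20.20.5"):
        print("router2020 selects", src, "-> 10.30.0.5:",
              selects(R2020, src, "10.30.0.5"))
    for name, ace in (("posted", R30_POSTED), ("revised", R30_REVISED)):
        print("router30", name, "selects 10.30.0.5 -> 10.20.10.5:",
              selects(ace, "10.30.0.5", "10.20.10.5"),
              "| mirrors router2020:", is_mirror(R2020, ace))
```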


Re: Encrypt traffic generated on a remote router?

Yes Rick, I am talking about IPSec. Thanks for your reply.

Do you (or anyone else) know of any examples on Cisco's web pages or other documentation where I can show that this will work to my client?

Thanks,

Mark
