Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

configuring VPNs to 150+ branches

hi all,

we are planing to have a new 3845 ISR at our head-office and replace all leased line connections to VPN connections from the service provider. currently the leased lines are terminating to a set of 3660 E1 interfaces.

the service provider is having a MPLS/BGP IP-VPN, so it will be a peer-2-peer VPN. since we are a banking institution, we do not want to rely on the service-providers L3-VPN.

my question is, how can we achieve encryption from our new router to all branches and what will be the ideal IOS and AMI or VPN specific modules we ought to have?

thanks

uddika

1 ACCEPTED SOLUTION

Accepted Solutions

Re: configuring VPNs to 150+ branches

Sorry I am confused - you said on the original post

"my question is, how can we achieve encryption from our new router to all branches and what will be the ideal IOS and AMI or VPN specific modules we ought to have?"

But you also stated "the service provider is having a MPLS/BGP IP-VPN, so it will be a peer-2-peer VPN. since we are a banking institution, we do not want to rely on the service-providers L3-VPN. "

Just so I am clear - your provider will encrypt the data for your across the MPLS cloud. And you are not happy with that - so you want to perform your own encryption then send it to your service provider? Essentially you want to encrypt it twice - is this correct?

7 REPLIES

Re: configuring VPNs to 150+ branches

New Member

Re: configuring VPNs to 150+ branches

thanks,

but we are the customer, so what i'm looking at is some recomendations and designs on IPSec - GRE

rgds,

uddika

Re: configuring VPNs to 150+ branches

Sorry I am confused - you said on the original post

"my question is, how can we achieve encryption from our new router to all branches and what will be the ideal IOS and AMI or VPN specific modules we ought to have?"

But you also stated "the service provider is having a MPLS/BGP IP-VPN, so it will be a peer-2-peer VPN. since we are a banking institution, we do not want to rely on the service-providers L3-VPN. "

Just so I am clear - your provider will encrypt the data for your across the MPLS cloud. And you are not happy with that - so you want to perform your own encryption then send it to your service provider? Essentially you want to encrypt it twice - is this correct?

New Member

Re: configuring VPNs to 150+ branches

hi,

i don't think that a MPLS/BGP IP-VPN does any form of encryption. it only segregates our routes from the rest of the customers of the service provider. it is a L3 routing table separation.

thanks,

uddika

New Member

Re: configuring VPNs to 150+ branches

guess this can be done from GRE and using IPSec to encript traffic. i have not checked this opened discussion for a long time. it is resolved now.

New Member

Re: configuring VPNs to 150+ branches

How did you accomplish this one more time?

New Member

Re: configuring VPNs to 150+ branches

i am trying to understand the configuration through another discussion. see my other post on

basic GRE IPSec configuration question

255
Views
0
Helpful
7
Replies
CreatePlease to create content