Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
526
Views
0
Helpful
1
Replies

GET VPN and Security Issues

communication.boy
Level 1
Level 1

‎11-24-2011 08:45 PM

As per my understanding GET VPN is just an overlay encryption . If we have point-to-multipoint connections from ISP we can directly run routing protocol on the routers rathar than making tunnels but ISP router will also have to start the same routing process number for things to work . The ISP can sniff packets so we make GET VPN having key servers .

Now my point is that I have heard from several sources that letting ISP know about your internal routes is not a good thing to do due to security reasons . Is that correct ? If this is correct then how people around the globe work on technologies like GET VPN .

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎11-25-2011 02:25 AM

Hi,

Regarding VPN, you need to understand what the solution is desgined for.

It's not meant to internet (DMVPN Is the closest "equivalent")

Prime example, and a very common case, is to provide encryption in L3 MPLS VPN scenario.

Chances are that you're already talking OSPF to your ISP exchanging routes for other destinations (unless you're only provided a default route which is also possible).

You have sevaral locations connected to a cloud. The ISP will know parts of your addressing space to route the packets within MPLS cloud.

GETVPN is there only to provide encryption for transit traffic, it's not mean to "hide" IP addresses because it could break routing. Then again, it's a simple mechanism, "If it matched policy, I will encrypt it" routing/obfustacting is outside of the scope.

Marcin

0 Helpful
Customers Also Viewed These Support Documents