Cisco Support Community
New Member

GET VPN and Security Issues

As per my understanding, GET VPN is just overlay encryption. If we have point-to-multipoint connections from the ISP, we can directly run a routing protocol on the routers rather than making tunnels, but the ISP router will also have to start the same routing process number for things to work. The ISP can sniff packets, so we make GET VPN having key servers.

Now my point is that I have heard from several sources that letting the ISP know about your internal routes is not a good thing to do due to security reasons. Is that correct? If this is correct, then how do people around the globe work on technologies like GET VPN?

1 REPLY
Cisco Employee

Hi,

Regarding VPN, you need to understand what the solution is designed for.

It's not meant for the internet (DMVPN is the closest "equivalent").

A prime example, and a very common case, is to provide encryption in an L3 MPLS VPN scenario.

Chances are that you're already talking OSPF to your ISP, exchanging routes for other destinations (unless you're only provided a default route, which is also possible).

You have several locations connected to a cloud. The ISP will know parts of your addressing space to route the packets within the MPLS cloud.

GETVPN is there only to provide encryption for transit traffic; it's not meant to "hide" IP addresses, because that could break routing. Then again, it's a simple mechanism: "If it matched policy, I will encrypt it." Routing/obfuscating is outside the scope.

Marcin
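To make the "if it matches policy, encrypt it" behaviour concrete, here is a minimal GET VPN key server and group member configuration. It is an example written for this page, not taken from the thread above or from any Cisco document; the group name, identity number, key label, addresses and ACL name are all assumed. The part worth reading is the policy ACL: GDOI registration/rekey (UDP 848) and OSPF to the provider PE are explicitly excluded, so the CE keeps routing with the ISP in the clear, while traffic between the private prefixes is encrypted with its original IP header preserved. That header preservation is exactly why the ISP still sees, and must see, your addressing.

```cisco
! ---- Key server (KS), a router on the hub LAN at 10.1.1.1 (assumed) ----
! RSA key pair used to sign rekey messages sent to the group members
crypto key generate rsa general-keys label GETVPN-REKEY modulus 2048

! IKE phase 1 is used only for group-member registration to the KS
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Pre-shared key for the one branch GM shown below (its WAN address, assumed)
crypto isakmp key GETVPN-PSK address 192.0.2.2

! Transform set and profile that the KS hands to group members via GDOI
crypto ipsec transform-set GETVPN-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile GETVPN-PROFILE
 set transform-set GETVPN-TS

! Encryption policy: what is NOT encrypted matters as much as what is
ip access-list extended GETVPN-POLICY
 ! GDOI registration and rekey must stay in the clear, or no GM can register
 deny   udp any eq 848 any eq 848
 ! Routing with the provider (OSPF CE-PE) stays in the clear so the MPLS cloud keeps routing
 deny   ospf any any
 ! Site-to-site traffic between the private prefixes is encrypted; the IP header is preserved
 permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255

crypto gdoi group GETVPN
 identity number 1357
 server local
  rekey authentication mypubkey rsa GETVPN-REKEY
  rekey transport unicast
  sa ipsec 1
   profile GETVPN-PROFILE
   match address ipv4 GETVPN-POLICY
   ! time-based anti-replay, since GMs share one SA and have no per-peer counters
   replay time window-size 5
  address ipv4 10.1.1.1

! ---- Group member (GM), a branch CE whose WAN link to the PE is 192.0.2.0/30 (assumed) ----
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key GETVPN-PSK address 10.1.1.1

crypto gdoi group GETVPN
 identity number 1357
 server address ipv4 10.1.1.1

! A GDOI crypto map: the policy ACL, transform set and keys all come from the KS
crypto map GETVPN-MAP 10 gdoi
 set group GETVPN

! WAN interface facing the provider PE; OSPF to the PE keeps running unencrypted
interface GigabitEthernet0/0
 ip address 192.0.2.2 255.255.255.252
 ip ospf 1 area 0
 crypto map GETVPN-MAP
```

After the GM registers, `show crypto gdoi gm acl` on the group member lists the policy it downloaded from the KS; check that the `deny` entries for UDP 848 and OSPF appear above the `permit` line, because a GM that encrypts its own OSPF hellos or its rekey traffic silently drops off the network at the next key rotation. The PE-CE link subnet here is deliberately chosen outside the encrypted 10.0.0.0/8 range so that link-local traffic to the provider router is never matched by the permit entry.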
