Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
695
Views
2
Helpful
2
Replies

GETVPN on MPLS Cloud

Ahmed Shahzad
Level 1
Level 1

‎01-13-2011 09:02 PM - edited ‎02-21-2020 05:05 PM

Hi Gurus,

We would like to implement MPLS with Ingress PE NAT, so customer with overlapping IP addresses can access the shared services, as describe in the given document:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080b40929.shtml#ingresspenat2

My Question is that can we run GETVPN between the PE routers, so satisfy the customer that all the customer traffic trying to access shared services are encrypted?

Best Regards,

Ahmed.

Labels:
0 Helpful
2 Replies 2

Lei Tian
Cisco Employee
Cisco Employee

‎01-14-2011 05:33 AM

Hi Ahmed,

I think that depends on where do you put the GMs. Basically, GETVPN doesn't work with NAT-T. So, if you want all customer CE and shared service CE in the same GETVPN group, then this won't work. However, if you want all PEs in the GETVPN cloud, then NAT will happen before encryption; so, that will work with no problem, but traffic from CE to PE is not encrypted.

Regards,

Lei Tian

Ahmed Shahzad
Level 1
Level 1
In response to Lei Tian

‎01-17-2011 04:07 AM

Hi,

Thanks Lei for your response.

It means we can run GETVPN among PE and P routers without any problem. We can establish a separate point-to-point tunnel between CE and PE.

Do you have specific document showing configuration of MPLS on PE and P routers, along with GETVPN?

Best Regards,

Ahmed Shahzad.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents