Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IPSec over MPLS

We are looking at deploying an IPSec VPN from CE-CE routers across an MPLS backbone. There will be several CE, PE and P routers and we will manage the MPLS backbone.

At all sites, the CE routers will be Cisco 7600 series with a VPN Accelerator module and a Firewall Services module. At all sites, the Cisco 7600 will also support an 802.1q trunk to a Layer 2 switch configured with 3 VLANS.

Packets coming from the WAN through the outside port (configured to belong to a port VLAN) are directed by the PFC2 to the VPN module outside port. The VPN module decrypts the packets and changes the VLAN to the corresponding interface VLAN and then presents the packet to the router through the VPN module inside port. The

MSFC then routes the packet to the Firewall Services module outside port configured as an Interface VLAN and then back out through the inside port interface VLAN to the MSFC, routed as normal, and out to the required VLAN host.

New Member

Re: IPSec over MPLS

Cisco is now coming out with a new generation of VPN optimised for WAN. It is a tunnel-less VPN with any-to-any capability. You should look into this.