We are looking at deploying an IPSec VPN from CE-CE routers across an MPLS backbone. There will be several CE, PE and P routers and we will manage the MPLS backbone.
At all sites, the CE routers will be Cisco 7600 series with a VPN Accelerator module and a Firewall Services module. At all sites, the Cisco 7600 will also support an 802.1q trunk to a Layer 2 switch configured with 3 VLANs.
Packets coming from the WAN through the outside port (configured to belong to a port VLAN) are directed by the PFC2 to the VPN module outside port. The VPN module decrypts the packets and changes the VLAN to the corresponding interface VLAN and then presents the packet to the router through the VPN module inside port. The MSFC then routes the packet to the Firewall Services module outside port configured as an Interface VLAN and then back out through the inside port interface VLAN to the MSFC, routed as normal, and out to the required VLAN host.