My customer has around 200 sites connected to the MAIN OFFICE through MPLS. The provider is using 3550 in all their sites and the main office as well for the MPLS. Also, the main office is secured only by the PIX 525UR with failover.
Each site has 10 users accessing the Oracle server in the MAIN OFFICE through the Oracle client.
Now, they wanted these transactions in a secured manner using VPN. I am not well versed with MPLS, but the customer wanted a secured VPN using IPSec. What is the best solution for this case?
The MPLS VPN transports IP traffic. So what you can do is simply set up your IPSec VPNs and get reachability between the IPSec gateways through the MPLS VPN.
So place a firewall/IPSec gateway in front of the Oracle server and in each location, and set up VPNs for the Oracle traffic. I am assuming that there is other traffic which should not be encrypted. Then you would need a split tunnel setup, where only Oracle traffic is encrypted, but not the rest.
So finally: MPLS VPNs do not interfere with IPSec.
Well, 2000 VPN users are a bit much. I would recommend using either a VPN concentrator or PIX for remote locations (even a 501 might do for 10 users, depending on required throughput).
Centrally I would opt for an ASA ... many nice features there.
As long as there is IP connectivity between your IPSec gateways/firewalls, it does not really matter whether it is MPLS VPN or internet. MPLS VPN is somewhat nicer, because you can get QoS to prioritize your important traffic (like Oracle encrypted) based on IP precedence. Be aware that, according to the IPSec standard, the IP precedence of the original IP header will be copied into your new IPSec header. This way the MPLS SP can treat the traffic properly.
This type of SLA is usually not offered for internet access.
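Added example, not part of the original thread and not a vendor-supplied configuration: a site-to-site IPSec sketch in which the crypto ACL selects only traffic to the Oracle server, so everything else crosses the MPLS VPN unencrypted as the replies above describe. It assumes ASA/PIX 7.x to 8.2-style syntax (PIX 6.x and ASA 8.4+ use different keywords), an MPLS-facing interface named `outside`, no NAT between the sites, and constructed addresses, object names and key placeholder.

```cisco
! Constructed example; addresses, names and the key are placeholders.
! 10.1.1.0/24  = users at one remote site (assumed)
! 10.0.0.10    = Oracle server in the main office (assumed)
! 192.0.2.1    = main-office gateway, 192.0.2.101 = this site's gateway,
!                both reachable across the MPLS VPN (assumed)

! --- Remote-site gateway ---
! Crypto ACL: only traffic to the Oracle server is selected for IPSec.
! Anything else is forwarded unencrypted (the split-tunnel behaviour).
access-list ORACLE-CRYPTO extended permit ip 10.1.1.0 255.255.255.0 host 10.0.0.10

crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

crypto map MPLS-MAP 10 match address ORACLE-CRYPTO
crypto map MPLS-MAP 10 set peer 192.0.2.1
crypto map MPLS-MAP 10 set transform-set ESP-AES256-SHA
crypto map MPLS-MAP interface outside

crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400

tunnel-group 192.0.2.1 type ipsec-l2l
tunnel-group 192.0.2.1 ipsec-attributes
 pre-shared-key <PLACEHOLDER-KEY>

! --- Main-office gateway (one crypto map entry per site) ---
! Same transform set, ISAKMP policy and interface binding as above.
! The crypto ACL must be the exact mirror of the remote side.
access-list SITE001-CRYPTO extended permit ip host 10.0.0.10 10.1.1.0 255.255.255.0
crypto map MPLS-MAP 10 match address SITE001-CRYPTO
crypto map MPLS-MAP 10 set peer 192.0.2.101
crypto map MPLS-MAP 10 set transform-set ESP-AES256-SHA
tunnel-group 192.0.2.101 type ipsec-l2l
tunnel-group 192.0.2.101 ipsec-attributes
 pre-shared-key <PLACEHOLDER-KEY>
```

After a client connects to the Oracle server, `show crypto ipsec sa` on either gateway should show the encaps/decaps counters rising for that ACL entry only; a mismatch between the two crypto ACLs is the usual reason a tunnel fails to come up.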