Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

can getvpn encrypt EIGRP exchanges?

Hello everyone,

 

We'er thinking of deploying a getvpn on a military network over a carrier vendor VPLS cloud. My concern is that can the route updates, hello packets, etc in EIGRP be encrypted so that the carrier can not see our network information? Thanks

3 REPLIES

Control plane traffic

Control plane traffic including routing protocols are denied in the acl for the encryption policy. In effect, get VPN assumes a functioning routed network outside the encryption domain. You of course have the option to protect eigrp with keys to authenticate routing updates between authorized peers.
Community Member

But what if for some reason

But what if for some reason that someone in the service provider organization is malicious, he tries to sniff the traffic, all the network information in routing update packets can be seen, right? If we encrypt eigrp, neigborship will not be formed, correct?. Thanks

If you try to encrypt your

If you try to encrypt your routing protocol, you won't have a network to protect. If you want absolute secrecy, maybe get VPN isn't what you need. What about straight IPSec tunnels? Depending on the number of sites and whether or not you need a mesh configuration it could be workable.
158
Views
0
Helpful
3
Replies
CreatePlease to create content