We have setup DMVPN hub an spoke configuration with IPsec enabled. This setup works very well.
I noticed when configuring a simple point-to-point VPN with IPsec [without DMVPN, just a simple point-to-point encrypted virtual link], you needed to specify "interesting traffic" to determine which data would be sent to the encryption/decription engine.
With DMVPN, it appear all traffic is encrypted and no way to utilize "interesting traffic" ACLs.
IS there a way to enable "interesting traffic" ACLs with IPsec on DMVPN or is it all or nothing?
the objective of mGRE is to provide a virtual flat subnet to run a routing protocol over it.
So there is no "interesting traffic" to be defined.
However, the use of multiple routing protocols (at least different processes), the one used on the WAN and the one used on the mGRE, allows for protection of traffic LAN to LAN between specific subnets.
This still allows to have unprotected traffic sent between other IP subnets, that are not advertised over the mGRE but are advertised over the WAN links in "clear text".
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...