In th HQ, I have a Cisco router connected to a security equipment (Crypto AG) that encrypt all the packet (including the header), the security equipment is connected to another Cisco router which is connected to IP/MPLS or Frame Relay Provider.
CISCO <---> SEC. EQUIPMENT <---> CISCO <---> PROVIDER
In the branch office, I have the same architecture.
Is there any why to make this architecture work (can ping from the 1st router in HQ to second router in branch office) ?
I was told that we can use PAD (packet assembler/disassembler) to communicate between the 2 routers in the same site
I think this kind of crypto devices are good only on dedicated links.
if they encrypt everything including the header how can the second router understand in which way to handle the resulting packet ?
An EoMPLS router could still try to forward the packet because it doesn't need to understand it but no ip routing is possible on a totally encrypted packet the ipv4 header should be left in clear text to be able to route it as it is done in the IPSec protocols with AH and ESP.
if instead you put the devices at the two ends of a dedicated link there is no problem traffic arrives decrypted at the destination router.
But the problem is that the EoMPLS Router encapsulate a L2 frame received on an ingress interface, which is not the case. the router behind the Crypto device receive an ancrypted packets and it can't read the L2 header.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...