[nsp] OSPF & Encryption
Luan Nguyen
lmnguyen at cox.net
Tue Nov 18 12:01:07 EST 2003
You could try external encryption boxes :)
Pure IPSEC can't do routing protocol like eigrp/ospf. It could do static via access-list or BGP though. Best solution would be running GRE and then use ipsec transport mode over it - add on like 60 bytes for header. I ran eigrp/opsf over gre/ipsec just fine. Just need to watchout for the MTU stuffs and the right ios too.
-luan
>
> From: Chris Moore - GMD <chris.moore at gmd.com>
> Date: 2003/11/18 Tue AM 09:12:58 EST
> To: "'cisco-nsp at puck.nether.net'" <cisco-nsp at puck.nether.net>
> Subject: [nsp] OSPF & Encryption
>
> Hi all,
>
> I've walked into an interesting situation. I am working on a small network
> with private point-to-point T1s between sites. We have customers (we're in
> the financial industry) that insist that we encrypt our private T1s. We also
> want to run OSPF.
>
> I was going to encrypt the links using IPSec but this breaks OSPF. Cisco's
> solution seems to be to use GRE tunnels - something I don't have experience
> with. Is there a simpler way? Are there alternatives to IPSec for encrypting
> point-to-point links?
>
> Any help will be appreciated.
>
> Thanks,
>
> Chris
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list