[nsp] OSPF & Encryption

Luan Nguyen lmnguyen at cox.net
Tue Nov 18 12:01:07 EST 2003

You could try external encryption boxes :)
Pure IPSEC can't do routing protocol like eigrp/ospf.  It could do static via access-list or BGP though.  Best solution would be running GRE and then use ipsec transport mode over it - add on like 60 bytes for header.  I ran eigrp/opsf over gre/ipsec just fine.  Just need to watchout for the MTU stuffs and the right ios too.


> From: Chris Moore - GMD <chris.moore at gmd.com>
> Date: 2003/11/18 Tue AM 09:12:58 EST
> To: "'cisco-nsp at puck.nether.net'" <cisco-nsp at puck.nether.net>
> Subject: [nsp] OSPF & Encryption
> Hi all,
> I've walked into an interesting situation. I am working on a small network
> with private point-to-point T1s between sites. We have customers (we're in
> the financial industry) that insist that we encrypt our private T1s. We also
> want to run OSPF. 
> I was going to encrypt the links using IPSec but this breaks OSPF. Cisco's
> solution seems to be to use GRE tunnels - something I don't have experience
> with. Is there a simpler way? Are there alternatives to IPSec for encrypting
> point-to-point links?
> Any help will be appreciated.
> Thanks,
> Chris
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list