[c-nsp] MPLS and IPSEC co-working

Andris Zarins a.zarins at lattelecom.lv
Thu Aug 16 07:43:44 EDT 2007


> Hi,
> 
> Network setup is pretty trivial - three routers running MPLS (LDP
> full-mesh) to support 20+ MPLS VPNs. Tricky part, is that customer is
> asking to secure that infrastructure by running IPSEC (3DES). As far
> as I know, I can not run LDP over Tunnel interfaces, and crypto-maps
> will not help also. Concept of running IPSEC between CPEs doesn't make
> sense, as there are no CPEs :( 
> 
> 
> Question is - is VRF-Lite plus back-to-back connectivity, like option
> A for inter AS MPLS, the only viable option I have, or Im missing
> something and there are other, more scalable ways to do it?
> 
> 
> Thanks,
> Andris
> CCIE #17473


More information about the cisco-nsp mailing list