[c-nsp] MPLS and IPSEC co-working

Andris Zarins a.zarins at lattelecom.lv
Thu Aug 16 07:59:59 EDT 2007


Thanks for quick reply ;)

If its not top-secret, are there any plans to address this issue in near
future? 


A


 

-----Original Message-----
From: Rodney Dunn [mailto:rodunn at cisco.com] 
Sent: Thursday, August 16, 2007 2:54 PM
To: Andris Zarins
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] MPLS and IPSEC co-working

> 
> > Hi,
> > 
> > Network setup is pretty trivial - three routers running MPLS (LDP
> > full-mesh) to support 20+ MPLS VPNs. Tricky part, is that customer 
> > is asking to secure that infrastructure by running IPSEC (3DES). As 
> > far as I know, I can not run LDP over Tunnel interfaces, and 
> > crypto-maps will not help also. Concept of running IPSEC between 
> > CPEs doesn't make sense, as there are no CPEs :(
> > 
> > 
> > Question is - is VRF-Lite plus back-to-back connectivity, like 
> > option A for inter AS MPLS, the only viable option I have, or Im 
> > missing something and there are other, more scalable ways to do it?

I think it is today.

Rodney

> > 
> > 
> > Thanks,
> > Andris
> > CCIE #17473
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list