[c-nsp] MPLS and IPSEC co-working

Alex ecralar at hotmail.com
Thu Aug 16 12:47:26 EDT 2007


Hi there,
If encryption does not necessarily have to be done by Cisco, why not have a 
look at L2 hardware encryptors?
http://www.cipheroptics.com/pdf/datasheet-esg.pdf
Cheers
Alex

----- Original Message ----- 
From: "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
To: "Andris Zarins" <a.zarins at lattelecom.lv>; <cisco-nsp at puck.nether.net>
Sent: Thursday, August 16, 2007 5:31 PM
Subject: Re: [c-nsp] MPLS and IPSEC co-working


> Andris Zarins <> wrote on Thursday, August 16, 2007 1:44 PM:
>
>>> Hi,
>>>
>>> Network setup is pretty trivial - three routers running MPLS (LDP
>>> full-mesh) to support 20+ MPLS VPNs. The tricky part is that the customer
>>> is asking to secure that infrastructure by running IPSEC (3DES). As far
>>> as I know, I cannot run LDP over Tunnel interfaces, and crypto-maps
>>> will not help either. The concept of running IPSEC between CPEs doesn't
>>> make sense, as there are no CPEs :(
>>>
>>>
>>> Question is - is VRF-Lite plus back-to-back connectivity, like option
>>> A for inter AS MPLS, the only viable option I have, or am I missing
>>> something and there are other, more scalable ways to do it?
>
> well, you can run MPLSoGRE at least on SW-based platforms (like the
> 7200), haven't checked for 6500/7600 or GSR.. You could also use
> BGP-L3VPN over L2TPv3 and then encrypt the L2TPv3 traffic using
> crypto-maps..
>
> Not a complete solution, I know..
>
> oli
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 


