[c-nsp] MPLS - IPsec tunnel between a PE and CE
Arie Vayner (avayner)
avayner at cisco.com
Sun Oct 16 15:18:54 EDT 2011
Nduati,
ISC is just the management solution. You can still provision the same
functionality using manual configuration...
You should be able to put create an encrypted GRE tunnel (in the global
routing table), and then put the tunnel in the VRF (just put the "ip vrf
forwarding" config on the tunnel interface).
Be careful with hardware based platforms (such as 6500/7600) as they do
not support IPSec in hardware (unless using the right service module).
Arie
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Wakwa Nduati
Sent: Saturday, October 15, 2011 20:56
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] MPLS - IPsec tunnel between a PE and CE
Hi,
I run an mpls network.
Recently a customer acquired an office where my L2 network was not
present and had to connect to another ISP.
He would like this branch to join in the MPLS cloud.
On digging around in cisco I read that this is possible using ISC.
*
http://www.cisco.com/en/US/docs/net_mgmt/ip_solution_center/3.0/mpls/use
r/guide/6_iscqsg.html#wp1045706
*
Site-to-Site IPsec Tunnels: One-Box Solution Unfortunately I do not have
ISC and this sounds like the right solution for my client.
Any pointers, leads, examples much appreciated on how to work this on
both the PE and CE router.
Regards
Nduati.
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list