Encrypt traffic generated on a remote router?

Mark_Matthias
Level 1

Will a router encrypt traffic from a segment it is not directly connected to?

I created the following example to explain my question:

The subnet for all segments is 255.255.255.0

router2010 services the 10.20.10.0 ethernet segment

and has a link using 10.150.0.0 segment to router2020

router2020 services the 10.20.20.0 ethernet segment

and has a link using the 10.51.0.0 segment to router30

router30 services the 10.30 ethernet segment

I want to encrypt all traffic between both 10.20 segments and the 10.30.0.0 segment only between router2020 and router30.

My access list on router2020 reads as follows:

ip access-list extended R2020TO30-encryption
 permit ip 10.20.0.0 0.0.255.255 10.30.0.0 0.0.255.255

My access list on router30 reads as follows:

ip access-list extended R2020TO30-encryption
 permit ip 10.20.0.0 0.0.255.255 10.30.0.0 0.0.255.255

Will router2020 encrypt traffic from 10.20.10.0 segment even though that traffic does not originate on a segment directly connected to router2020?

or do I have to set up an encryption between router2010 and router30 to accomplish that?

Where can I find information about this?

Thanks,

Mark

2 Replies

Richard Burts
Hall of Fame

Mark

Am I correct in assuming that when you speak of encrypting traffic that you are talking about using IPSec?

A router does not need to be directly connected to a segment to be able to do IPSec encryption for that segment. So in your example I do not see a problem having router 2020 encrypt traffic with source addresses 10.20.10.0 and 10.20.20.0.

One detail: I would revise the access list on router 30:

permit ip 10.30.0.0 0.0.255.255 10.20.0.0 0.0.255.255

on router 30 the source addresses will be 10.30 and the destination addresses will be 10.20.

HTH

Rick
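The two points in the reply above, that a crypto ACL only looks at the addresses in the packet (not at where the packet entered the router) and that the peer's crypto ACL has to be the mirror image, can be checked with a small model of IOS wildcard-mask matching. This is an added example, not code from the thread or from Cisco; the addresses and flows are constructed from the topology in the question, and `PermitIP`, `crypto_acl_matches` and `acls_are_mirrored` are names chosen here for illustration.

```python
# Added example: a small model of how a Cisco IOS crypto ACL selects
# traffic for IPsec. Not code from the thread or from Cisco; the
# addresses and flows are constructed from the topology in the question
# (10.20.10.0/24 behind router2010, 10.20.20.0/24 behind router2020,
# 10.30.0.0/24 behind router30).
from dataclasses import dataclass
from ipaddress import IPv4Address


def _addr(s: str) -> int:
    return int(IPv4Address(s))


@dataclass(frozen=True)
class PermitIP:
    """One 'permit ip <src> <src-wildcard> <dst> <dst-wildcard>' entry."""
    src: str
    src_wild: str
    dst: str
    dst_wild: str

    @staticmethod
    def _covers(net: str, wild: str, ip: str) -> bool:
        # IOS wildcard mask: a 1 bit means "don't care", so clear those
        # bits in both the network and the candidate address and compare.
        w = _addr(wild)
        return (_addr(net) & ~w) == (_addr(ip) & ~w)

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return (self._covers(self.src, self.src_wild, src_ip)
                and self._covers(self.dst, self.dst_wild, dst_ip))

    def mirrored(self) -> "PermitIP":
        """The entry the peer must carry: source and destination swapped."""
        return PermitIP(self.dst, self.dst_wild, self.src, self.src_wild)


def crypto_acl_matches(acl, src_ip: str, dst_ip: str) -> bool:
    """True if any entry of the crypto ACL selects this packet for IPsec.

    Only the packet's own source and destination addresses are consulted;
    whether the source subnet is directly connected to the router never
    enters into the decision.
    """
    return any(e.matches(src_ip, dst_ip) for e in acl)


def acls_are_mirrored(local, peer) -> bool:
    """Check that the crypto ACLs on two peers are exact mirror images."""
    return set(e.mirrored() for e in local) == set(peer)


# Crypto ACLs as posted in the question: identical on both routers.
R2020_ACL = [PermitIP("10.20.0.0", "0.0.255.255", "10.30.0.0", "0.0.255.255")]
R30_ACL_AS_POSTED = [PermitIP("10.20.0.0", "0.0.255.255", "10.30.0.0", "0.0.255.255")]
# The revision suggested in the reply: source and destination swapped.
R30_ACL_REVISED = [PermitIP("10.30.0.0", "0.0.255.255", "10.20.0.0", "0.0.255.255")]


def check_example():
    """Return the observations a practitioner would want to verify."""
    return {
        # Traffic from the remote 10.20.10.0 segment is still selected on
        # router2020: the ACL never asks which interface the packet came in on.
        "r2020_encrypts_remote_segment": crypto_acl_matches(R2020_ACL, "10.20.10.5", "10.30.0.7"),
        "r2020_encrypts_local_segment": crypto_acl_matches(R2020_ACL, "10.20.20.9", "10.30.0.7"),
        # Traffic between the two 10.20 segments is not selected for IPsec.
        "r2020_leaves_10_20_internal_alone": crypto_acl_matches(R2020_ACL, "10.20.10.5", "10.20.20.9"),
        # On router30 the return packets carry a 10.30 source, so the ACL
        # copied verbatim from router2020 never matches them.
        "r30_posted_acl_matches_return": crypto_acl_matches(R30_ACL_AS_POSTED, "10.30.0.7", "10.20.10.5"),
        "r30_revised_acl_matches_return": crypto_acl_matches(R30_ACL_REVISED, "10.30.0.7", "10.20.10.5"),
        "posted_acls_mirrored": acls_are_mirrored(R2020_ACL, R30_ACL_AS_POSTED),
        "revised_acls_mirrored": acls_are_mirrored(R2020_ACL, R30_ACL_REVISED),
    }


if __name__ == "__main__":
    for name, value in check_example().items():
        print(f"{name}: {value}")
```

Running it shows router2020 selecting packets from 10.20.10.5 exactly as it does packets from 10.20.20.9, and shows that router30 with the ACL copied from router2020 selects none of the 10.30-to-10.20 return traffic until the entry is reversed as the reply suggests.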

Yes Rick, I am talking about IPSec. Thanks for your reply.

Do you (or anyone else) know of any examples on Cisco's web pages or other documentation where I can show that this will work to my client?

Thanks,

Mark