Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1176
Views
0
Helpful
4
Replies

How to protect data from ISP over an MPLS/Point to point link?

Sheraz_35
Level 1
Level 1

‎12-23-2018 09:47 AM - edited ‎03-10-2019 01:08 AM

Hi,

 

So we have a couple of dedicated MPLS and point to point Ethernet links provided by an ISP to link all of our offices, the question has arisen if there is anyway we can protect our data if someone from the ISP sniffs it, as it goes across their network, so far we have come up with running an IPSEC VPN over the dedicated point to point links, but it's not great solution, is there any other technology made for this situation that we could use? Essentially, we  want everything that leaves our device to go onto the ISP network to be encrypted. Changing ISP is not really an option since the country we are operating in, everything is owned by the government and they're all the same. 

 

Thanks

Labels:
0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎12-23-2018 12:32 PM

If you have many links, they also need to talk to each other.

 

Look at option of DMVPN or GETVPN.

 

https://www.cisco.com/c/en/us/products/security/group-encrypted-transport-vpn/index.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Sheraz_35
Level 1
Level 1
In response to balaji.bandi

‎12-25-2018 07:58 PM

Hi,

 

Thank you for reply, the only problem is we are using ASA and this does not support the DMVPN or GetVPN, I will see if we can use a router instead.  Thanks for the idea.

 

Regards

 

 

0 Helpful

Dennis Mink
VIP Alumni
VIP Alumni

‎12-23-2018 08:55 PM

Whats the issue with ipsec?

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni

‎12-24-2018 12:04 AM

Hi

Ipsec is the good way to encrypt your data and make sure your ISP can't see in clear your traffic.
Now you have different solutions:
- IPSEC L2L: static vpn and time consuming + hard to manage of you have multiple sites and you want a full mesh design.
- DMVPN and GETVPN: uses Ipsec technology but in a more dynamic way for full mesh design. The base design will be in hup to spoke architecture with the ability to have spoke to spoke tunnels built automatically if any communication between remote sites is needed.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents