cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1910
Views
0
Helpful
3
Replies

Encrypted Traffic in MPLS L3 VPN Possible ?

pgyogeshkumar
Level 1
Level 1

Although MPLS L3 VPN is more secure than Internet connection, it is not fully secured. Anybody from service provider can capture the packet passing through it.

 

Is it possible to send IPsec encrypted traffic through MPLS L3 VPN and then decrypt it at the far end ?? If so how it can be created end to end by having L3MPLS VPN in between

 

I guess Ipsec VPNs are created between end to end LAN subnets and not with WAN subnets. Moreover IPSEC can be created with a point to point network. Is it possible to implement Ipsec without point to point (any to any) so that entire MPLS VPN will have encrypted traffic ?

3 Replies 3

Joseph W. Doherty
Hall of Fame
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Sure, it's possible.  You either do IPSec between hosts, or run some kind of encrypted overlay (like you would for any other L3 topology, regardless of media).

Adding to @Joseph just mentioned, ensure that you are taking care of MTU settings throughout your network and even proper MTU settings is set on the CE side.

Thanks
--Vinit

Although MPLS L3 VPN is more secure than Internet connection

If done properly, I would consider an IPsec-VPN-connection through the internet as highly more secure then MPLS-VPNs (without encryption). The IPsec-VPN is probably the strongest link in your complete security-chain.

> Is it possible to send IPsec encrypted traffic through MPLS L3 VPN

Take also a look at GETVPN. That's build for scenarios like securing MPLS-VPNs.