10-23-2015 08:25 AM - edited 03-05-2019 02:34 AM
Although MPLS L3 VPN is more secure than Internet connection, it is not fully secured. Anybody from service provider can capture the packet passing through it.
Is it possible to send IPsec encrypted traffic through MPLS L3 VPN and then decrypt it at the far end ?? If so how it can be created end to end by having L3MPLS VPN in between
I guess Ipsec VPNs are created between end to end LAN subnets and not with WAN subnets. Moreover IPSEC can be created with a point to point network. Is it possible to implement Ipsec without point to point (any to any) so that entire MPLS VPN will have encrypted traffic ?
10-23-2015 08:49 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Sure, it's possible. You either do IPSec between hosts, or run some kind of encrypted overlay (like you would for any other L3 topology, regardless of media).
10-23-2015 08:54 AM
Adding to @Joseph just mentioned, ensure that you are taking care of MTU settings throughout your network and even proper MTU settings is set on the CE side.
10-23-2015 09:21 AM
> Although MPLS L3 VPN is more secure than Internet connection
If done properly, I would consider an IPsec-VPN-connection through the internet as highly more secure then MPLS-VPNs (without encryption). The IPsec-VPN is probably the strongest link in your complete security-chain.
> Is it possible to send IPsec encrypted traffic through MPLS L3 VPN
Take also a look at GETVPN. That's build for scenarios like securing MPLS-VPNs.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide