cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
961
Views
5
Helpful
4
Replies

Encryption in a WAN Routed Network

lupobcn83
Level 1
Level 1

Dear all,

 

I got a problem regarding encryption, and I am not sure how I should focus on the problem. I do not have that much of experience in the encryption world.

I got a WAN network (sharing the same IP Address/bcast domain). There are 4 locations and 6 routers (C3925).

Location 1 - Router 1 - 192.168.220.1
Location 2 - Router 1 - 192.168.220.2
Location 3 - Router 1 - 192.168.220.31
Location 3 - Router 2 - 192.168.220.32
Location 4 - Router 1 - 192.168.220.41
Location 4 - Router 2 - 192.168.220.42

The six routers run ospf for the networks within each location and they converge without problems (each router sees the other ones as OSPF neighbors, since they have been explicitly configured as neighbors). Everything works fine.

 

The customer wants however to encrypt the communication in the WAN (IPSec). Therefore my question:

Is somehow possible to do it in this environment or should several tunnels be created and then routed through them?

 

Thanks a lot!

1 Accepted Solution

Accepted Solutions

Right.

The only issue with OSPF i will say is the summarization, apart from that you won't get any problems. But again this will depend on your setup.

 

Thanks for the rating.

good luck with your implementation. Its been a while since i played with DMVPN.

if you need any help don't hesitate to ask.

 

Regards,

 

Steve

View solution in original post

4 Replies 4

Terence Payet
Level 1
Level 1

Hi,

 

i think the best approach to this is to configure DMVPN, in which it will be like a hub and spoke scenario or even spoke to spoke. But you will need to plan well as DMVPN doesn't scale well with OSPF especially if you're gonna do some 'summarization'.

 

Have a look at the below link.

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-15-mt-book/sec-conn-dmvpn-dmvpn.html

 

HTH.

 

Please rate helpful post.

 

Regards,

 

Steve

Thanks for your answer! The link was very helpful.

 

I suppose that if the WAN network is not only running OSPF but a combination of EIGRP and OSPF, the challenge escalates very quickly, right?

 

Best regards.

Right.

The only issue with OSPF i will say is the summarization, apart from that you won't get any problems. But again this will depend on your setup.

 

Thanks for the rating.

good luck with your implementation. Its been a while since i played with DMVPN.

if you need any help don't hesitate to ask.

 

Regards,

 

Steve

The overall network quantity is not that big. Therefore I think I won't summarize.