Re: Securing SRDF between two 7204 routers?

olsonc0510 · ‎01-04-2011

I have what I hope is an elementary question. We have a leased line from one office to a DR site which we use to back up our data. We are using Cisco 7204 and and OC3 circuit. The data is sent in blocks (SRDF) and we are sending changes only. However, we are getting requests from compliance to further secure this connection since it is a leased line. I guess I need to know how secure SRDF traffic is and then if required, how to secure it.

Can we create a simple VPN between the two routers without having to use a VPN concentrator or Firewall? If so, what IOS would be required? How much impact will the VPN have on current bandwidth? Any advise or suggestions would be appreciated.

Thanks!

Jerry Ye · ‎01-04-2011

If it is done by hardware, the router's performance impact should be minimum. The current hardware encryption for the 7200 is the VAM2+ module

http://www.cisco.com/en/US/prod/collateral/modules/ps8768/ps7332/data_sheet_c78_48012.html

Regards,

jerry

olsonc0510 · ‎01-04-2011

Thank you. That will help if we have to go that route. Still the original question remains. Does the data need to be further secured? We are using Cisco 9509's to encapsulate the data at both ends. From what I understand, only MDS/Multiprotocol Cisco directors can access this data. Since the circuit is leased to us only, do we really need to add further security?

Jerry Ye · ‎01-04-2011

This is more like a policy question. I've seen customer want to encrypt SSL encrypted traffic in their internal network. My take on this is there is no benefit to do double encryptions but the customer's policy said so.

Regards,

jerry