Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
760
Views
0
Helpful
6
Replies

DLSw and IPSEC

dagates
Level 1
Level 1

‎11-17-2003 05:36 PM

Can anybody tell me if you can have a DLSw+ peer and IPSEC tunnel on the same router? We want to utilize DLSw+ on a branch router and use IPSEC across the WAN back to the corporate office?

Has anybody configured this before?

Any lessons learned?

Recomendations?

Thanks!

Labels:
0 Helpful
6 Replies 6

rclousto
Level 1
Level 1

‎11-17-2003 08:42 PM

I've only done this with SNASw in the lab but I don't see any problems doing the same with DLSw. There wasn't anything special I had to do for this. IPSec can be somewhat CPU intensive though I haven't measured it myself to quantify this. You will also be putting all traffic through that router, but maybe you were doing that anyway. So I'd hesitate to recommend this for a large branch but in most cases it should be fine. Sorry I can't give you any specific numbers. Maybe someone who's done this can share their experience.

Regards, Bob

0 Helpful

dagates
Level 1
Level 1
In response to rclousto

‎11-18-2003 05:36 AM

Bob, thank you for the information. This is one of those things that it should work... but??? I'm just want to tap somebody's experiance who has deployed this a s a solution. Again thanks for the information.

0 Helpful

dmccullo
Level 1
Level 1
In response to dagates

‎11-18-2003 08:06 AM

Hi David,

Yes, multiple customers have deployed this, and it has been tested and measured in specific customer proof of concept labs. The only issue that I'm aware of is that the MTU size requirements are affected by encryption, so be sure to take that into account.

http://www.cisco.com/en/US/tech/tk331/tk336/technologies_tech_note09186a00801d3a9d.shtml

In terms of performance, everyone's traffic is somewhat different, so it's impossible to say for sure. From what I remember of the proof of concept tests, 2600 routers did DLSw+ and software encryption just fine at DS0 rates.

Rgds, Dan

0 Helpful

dagates
Level 1
Level 1
In response to dmccullo

‎11-18-2003 08:58 AM

Dan, I noticed that you are with Cisco. I have not contacted any of our SEs about this yet. Can you point or provide me the details on the lab configuration tested and results. Or provide information so I can point the SE in the right direction.

Thanks again

0 Helpful

iftikhar.qurashi
Level 1
Level 1

‎02-28-2004 10:00 PM

I deployed DLSW+ and IPSEC 3DES on CISCO 2600 router. I had some challenges regarding IOS instability, which were fixed by using correct IOS.

MTU size issue on IPSEC routers with Frame Relay serial interfaces can be fixed by increasing the size to 1600 at interface level, which should be picked by IPSEC automatically.

0 Helpful

dagates
Level 1
Level 1
In response to iftikhar.qurashi

‎02-29-2004 06:28 AM

Thank you for the information.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card