Solved: Traffic encryption

mdjan · ‎07-19-2017

Hello Guys,

I would like to interconnect to site via fiber optic en mode peer to peer. It is possible to encrypt all traffic on this link? which king of router/firewall we should use? And how to do traffic encryption without VPN?

THANKS

Julio E. Moisa · ‎07-19-2017

Hi

You could create a GRE tunnel with IPSEC. Take in consideration you must configure the MTU and TCP mss, in order to avoid inconveniences.

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

Julio E. Moisa · ‎07-19-2017

Hi

You could create a GRE tunnel with IPSEC. Take in consideration you must configure the MTU and TCP mss, in order to avoid inconveniences.

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

mdjan · ‎07-19-2017

Thank for your reply

I already think about that idea at first but I was not sure if it was the good designing in this case which is a peer to peer connection.

Julio E. Moisa · ‎07-19-2017

Hi

Yes, it can be considered as part a good design, the following link can be useful:

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/P2P_GRE/2_p2pGRE_Phase2.html

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

mdjan · ‎07-20-2017

Thank eduardomoi

Julio E. Moisa · ‎07-20-2017

Hi,

It was a pleasure, have a great day.

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Karsten Iwen · ‎07-20-2017

In situations like these, I would go for MACsec where the switches do the link-encryption. This can achieve line-rate encryption where a firewall would need to be very good sized.