01-13-2011 09:02 PM - edited 02-21-2020 05:05 PM
Hi Gurus,
We would like to implement MPLS with Ingress PE NAT, so customer with overlapping IP addresses can access the shared services, as describe in the given document:
My Question is that can we run GETVPN between the PE routers, so satisfy the customer that all the customer traffic trying to access shared services are encrypted?
Best Regards,
Ahmed.
01-14-2011 05:33 AM
Hi Ahmed,
I think that depends on where do you put the GMs. Basically, GETVPN doesn't work with NAT-T. So, if you want all customer CE and shared service CE in the same GETVPN group, then this won't work. However, if you want all PEs in the GETVPN cloud, then NAT will happen before encryption; so, that will work with no problem, but traffic from CE to PE is not encrypted.
Regards,
Lei Tian
01-17-2011 04:07 AM
Hi,
Thanks Lei for your response.
It means we can run GETVPN among PE and P routers without any problem. We can establish a separate point-to-point tunnel between CE and PE.
Do you have specific document showing configuration of MPLS on PE and P routers, along with GETVPN?
Best Regards,
Ahmed Shahzad.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide