Internal/Private Site-to-Site VPN - 3825/2821

fintheman
Level 1

I've been poring over a lot of documentation but I think I have a tricky one here.

I have my main branch router (3825) and two remote routers (2821's). They are connected through leased lines that do not touch the internet. For various security reasons I have to ensure that the traffic from the remotes is encrypted in a VPN tunnel even though it is still part of a private network.

I have gone ahead and created the tunnels and I can verify that they are up. I have applied the crypto map to the correct interfaces, etc.

So the question is - How do I ensure that traffic is not just being routed out of the interface from the remote sites back to the branch router with or without using the VPN tunnel? I've taken down the tunnels and of course, the traffic is still being passed back and forth.

1 Reply

Marcin Latosiewicz
Cisco Employee

Hi,

So the point is to make sure that we're not routing traffic out in cleartext?

The easiest way is to apply access-groups to the interfaces on which the routers are communicating.

If all traffic is to be encrypted, the interfaces should only allow UDP/500 (and if needed UDP/4500) and ESP (or AH) traffic.

Topology info and some more background could be helpful :-)

Marcin
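The interface filter described in the reply above, written out as an added example for one remote 2821 (this is not configuration from the original thread). Assumed values: the leased-line interface is Serial0/0/0, the remote router's WAN address is 10.1.1.2 and the 3825 hub's is 10.1.1.1; the hub gets the mirror image of the same lists. It also assumes an IOS release in which cleartext packets are not re-checked against the physical interface ACL before encryption or after decryption (Cisco changed this behaviour in the 12.3(8)T train); on older code the LAN-to-LAN cleartext would additionally have to be permitted, which defeats the purpose.

```cisco
! Added example, not the reply author's configuration.
! Only IKE (UDP/500), NAT-T (UDP/4500), ESP and AH between the two
! router WAN addresses may cross the leased line; anything else is
! cleartext that escaped the tunnel and is dropped and logged.
ip access-list extended VPN-ONLY-IN
 remark IKE and NAT-T from the hub (10.1.1.1 is an assumed address)
 permit udp host 10.1.1.1 eq isakmp host 10.1.1.2 eq isakmp
 permit udp host 10.1.1.1 eq non500-isakmp host 10.1.1.2 eq non500-isakmp
 remark IPsec payload from the hub (AH only if the transform set uses it)
 permit esp host 10.1.1.1 host 10.1.1.2
 permit ahp host 10.1.1.1 host 10.1.1.2
 remark Cleartext arriving over the private link is a policy violation
 deny ip any any log
!
ip access-list extended VPN-ONLY-OUT
 remark Same protocols, sourced from this router towards the hub
 permit udp host 10.1.1.2 eq isakmp host 10.1.1.1 eq isakmp
 permit udp host 10.1.1.2 eq non500-isakmp host 10.1.1.1 eq non500-isakmp
 permit esp host 10.1.1.2 host 10.1.1.1
 permit ahp host 10.1.1.2 host 10.1.1.1
 remark Stops LAN traffic leaving unencrypted if the crypto map does not catch it
 deny ip any any log
!
interface Serial0/0/0
 description Leased line to 3825 hub (assumed interface name)
 ip access-group VPN-ONLY-IN in
 ip access-group VPN-ONLY-OUT out
```

With the tunnel torn down, the log entries produced by the two deny lines show exactly which hosts tried to cross the link in cleartext, which answers the verification question in the original post.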