Re: IPSec and DMVPN Tunnel Encrytpion

MrBeginner · ‎11-15-2018

Hi,

I am begineer in networking.I confuse in encryption.

In our branches have two VPN tunnel. One is IPSec and other is DMVPN tunnel.IPsec go to DC 1 and DMVPN tunnel go to DC2.

I would like to know :

one isakmp policy IPsec tunnel apply physical interface .

For eg. int G0/0

crypto map ipsec

for DMVPN : ohter isakmp policy apply dmvpn tunnel

eg: int tunnel 0

tunnel protection ipsec profile protect-gre

In this scenario, i worry dmvpn traffic will double encrypted ? because my understanding is

Data Traffice==>LAN==>Physical==>Tunnel ?

Or They will auto sperate tunnel because of ACL rule of IPSec ?

Rob Ingram · ‎11-15-2018

Hi,
Only traffic matching the ACL you've defined would be encrypted and routed over the IPSec VPN to DC1. Any traffic that is not defined in that ACL would not be encrypted.

I assume you've got a static route or routing protocol to route traffic to DC2 via the DMVPN tunnel. If that's the case then only the traffic would be routed over the DMVPN tunnel encrypted.

HTH

MrBeginner · ‎11-15-2018

Hi,
If i use BGP to peer with ISP router. I also want to run EBGP in DMVPN Tunnel and IPSec Tunnel ,is it OK ?
What is the best practice. Someone said if i run EBGP it will be double AS ?
They recommand that i should use BGP to peer ISP router only and for the tunnel i should us EIGRP stub,is it correct ?

Rob Ingram · ‎11-16-2018

Yes, you can use BGP or EIGRP, both are fine and supported/recommended.

If you use EIGRP, yes you can use EIGRP stub

HTH