Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2028
Views
0
Helpful
7
Replies

L3VPN and IPsec

Go to solution
Petar Bajovic
Level 1
Level 1

‎07-10-2014 04:25 AM - edited ‎02-21-2020 07:43 PM

I have to ask if someone have any literature about How to make L3VPN, and use IPsec to encrypt traffic between L3VPN end nodes.

Thank you.

Petar

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Petar Bajovic

‎07-11-2014 04:26 AM

Petar, 

For CE CE we're typically recommend GETVPN, still IPsec with GDOI for control plane. It does encrypt the IP header, but it preserves the original header. 

Vide: 

http://www.cisco.com/c/dam/en/us/products/collateral/security/group-encrypted-transport-vpn/prod_presentation0900aecd80582031.pdf

slide 9.

 

M.

 

M.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
nkarthikeyan
Level 7
Level 7

‎07-11-2014 03:37 AM

Hi Petar,

 

I guess this is very typical kind of solution.... we can have l3vpn over GRE.... but you are looking for L3VPN over gre over ipsec, i guess it should not be an ideal solution to go with... but let me try if we can be able to do with...

 

Regards

Karthik

0 Helpful

Go to solution
Petar Bajovic
Level 1
Level 1
In response to nkarthikeyan

‎07-11-2014 03:52 AM

Maybe you didn't undersand me or maybe I asked wrong question. Situation is next:

I need to connect customers sites (L3VPN), and encrypt traffic between those sites with IPsec. Is it possible or is there some other solution?

Best regards,

Petar

0 Helpful

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Petar Bajovic

‎07-11-2014 04:08 AM

Petar, 

 

Are you talking about CE-CE or PE-PE encryption? 

Are we talking about encryption of "last mile" or end to end?

Are we talking about encrypting customer traffic or links?  

 

M.

0 Helpful

Go to solution
Petar Bajovic
Level 1
Level 1
In response to Marcin Latosiewicz

‎07-11-2014 04:21 AM

Hi Marcin Latosiewicz and nkarthikeyan,

We are talkin about encrypting traffic between CE-CE routers, and encrypting customer traffic (just payload). In this case, I think, that we are not talking about IPsec tunnels, then we are talking about just about encryption of traffic (payload, not IP header).

Best regards,

Petar

0 Helpful

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Petar Bajovic

‎07-11-2014 04:26 AM

Petar, 

For CE CE we're typically recommend GETVPN, still IPsec with GDOI for control plane. It does encrypt the IP header, but it preserves the original header. 

Vide: 

http://www.cisco.com/c/dam/en/us/products/collateral/security/group-encrypted-transport-vpn/prod_presentation0900aecd80582031.pdf

slide 9.

 

M.

 

M.

0 Helpful

Go to solution
Petar Bajovic
Level 1
Level 1
In response to Marcin Latosiewicz

‎07-11-2014 04:38 AM

Thank you Marcin Latosiewicz..I will try to do like this. I get the point. 

Thank you both Marcin Latosiewicz and nkarthikeyan

Best regards,

Petar

0 Helpful

Go to solution
nkarthikeyan
Level 7
Level 7
In response to Petar Bajovic

‎07-11-2014 04:09 AM

Hi Petar,

 

As per my knowledge we cannot do it. Eventhough i can see the related ietf record for the same. But in real time scenario we do not have the possible solution.

http://tools.ietf.org/html/draft-ietf-l3vpn-rfc2547bis-03

 

We can have the L3VPN using GRE tunnel. But am not sure we can have the IPSec protection for the same.

 

Regards

Karthik

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents