Secure VPN Over private WAN

The_guroo_2
Level 2

Hi guys, we have two international sites (yet to be commissioned); actually they are datacentres, and each will have a 4Mbps link. The remote site, which is a datacentre, will be accessing servers occasionally.

One of the customer requirements is that the traffic between Site A and Site B should be encrypted, though it will be a private connection, not over the Internet. What options do I have? On WAN encryption, GRE and IPsec have a lot of overhead, and keeping in mind that they have two datacentres which will connect to our two datacentres, the number of connections would be too much?

Any suggestions?

Thanks

5 Replies

Hi,

Well, if you have two sites that need to connect securely over the Internet, you can configure an IPsec Site-to-Site tunnel between them.

If you need to encrypt traffic other than IP unicast, you include a GRE encapsulation prior to encryption so that it can be protected by IPsec.

You can also accomplish this without GRE by using VTI on the routers.

If the two sites connect over a private WAN, then you can have a secure connection without IPsec or GRE.

Are the two sites connecting through a Service Provider that gives you some sort of L2 or L3 private connection?

Federico.

Thanks for your reply. They will be on a private WAN, and it will be done by a service provider, so no Internet. You have mentioned that we then don't have to have IPsec if they are on private? Why, and what should we do?

Hi,

What I mean is that if the link connecting both sides is private somehow (you're not worried about anybody else sniffing the traffic), then there's no need to add the IPsec overhead.

On the other hand, if it's a WAN but still a shared environment and you strongly want to protect your traffic, the extra IPsec overhead might be worth it.

Federico.

Well, in my humble opinion, I agree with requiring a VPN over a private connection. While a "private" connection is dedicated, it is not 100% private. The service provider has access to your data, as well as anyone who can manage to hack into their network. It happens more often than you would think. If the information is sensitive, then a VPN is warranted. A lot of providers just put you on your own VLAN, and if you have the skills you can jump VLANs.

Just my 2 cents

I happen to agree with the humble opinion.

If you're concerned about the confidentiality of the data, you require encryption, no doubt.

I'm just saying it's not the only way out there if you want to avoid the extra overhead (definitely worth it if security is your priority).

Federico.
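
To put a number on the overhead discussed in this thread, the following is an added example, not part of any poster's reply. It computes the per-packet size of ESP tunnel mode with and without GRE, the resulting goodput on a 4 Mbps link, and the largest inner packet that avoids fragmentation. The cipher suite (AES-CBC with HMAC-SHA1-96), IPv4, no NAT-T, a 1500-byte MTU and all function names are assumptions chosen for illustration.

```python
# Added example: per-packet cost of ESP tunnel mode, with and without GRE.
# Assumptions (not from the thread): IPv4, AES-CBC (16-byte block and IV),
# HMAC-SHA1-96 (12-byte ICV), no NAT-T, layer-2 framing ignored.
IP_HDR = 20           # outer IPv4 header added by ESP tunnel mode
ESP_HDR = 8           # SPI + sequence number
ESP_TRAILER = 2       # pad-length byte + next-header byte
GRE_OVERHEAD = 24     # 4-byte GRE header + 20-byte GRE delivery IPv4 header
LINK_BPS = 4_000_000  # the 4 Mbps links described in the question


def wire_size(inner, gre=False, block=16, iv=16, icv=12):
    """Bytes on the wire for one inner IP packet of `inner` bytes."""
    if gre:
        inner += GRE_OVERHEAD  # GRE is applied first, then the result is encrypted
    # ESP pads payload + trailer up to a multiple of the cipher block size.
    pad = (-(inner + ESP_TRAILER)) % block
    return IP_HDR + ESP_HDR + iv + inner + pad + ESP_TRAILER + icv


def goodput_bps(inner, gre=False, link_bps=LINK_BPS):
    """Share of the link rate left for the inner packets themselves."""
    return link_bps * inner / wire_size(inner, gre)


def max_inner(mtu=1500, gre=False):
    """Largest inner packet whose encrypted form still fits in `mtu`."""
    return max(n for n in range(1, mtu + 1) if wire_size(n, gre) <= mtu)


if __name__ == "__main__":
    for gre in (False, True):
        label = "GRE+ESP" if gre else "ESP    "
        for size in (64, 512, 1400):
            wire = wire_size(size, gre)
            print(f"{label} inner={size:4d} wire={wire:4d} "
                  f"overhead={wire - size:3d} "
                  f"goodput={goodput_bps(size, gre) / 1e6:.2f} Mbps")
        print(f"{label} max unfragmented inner packet: {max_inner(gre=gre)}")
```

The fixed cost per packet means small packets lose far more of the link than large ones, so the mix of traffic between the datacentres matters more than the nominal link rate.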