05-16-2011 02:01 AM
Hi guys, we have two international sites (yet to be commissioned); actually they are datacentres and each will have a 4Mbps link. The remote site, which is a datacentre, will be accessing servers occasionally.
One of the customer requirements is that the traffic between Site A and Site B should be encrypted, though it will be a private connection, not over the Internet. What options do I have? On WAN encryption, GRE and IPsec have a lot of overhead, and keeping in mind that they have two datacentres which will connect to our two datacentres, the number of connections would be too much?
Any suggestions?
Thanks
05-16-2011 07:32 PM
Hi,
Well, if you have two sites that need to connect securely over the Internet, you can configure an IPsec Site-to-Site tunnel between them.
If you need to encrypt traffic other than IP unicast, you include a GRE encapsulation prior to encryption so that it can be protected by IPsec.
You can also accomplish this without GRE by using VTI on the routers.
If the two sites connect over a private WAN, then you can have a secure connection without IPsec or GRE.
Are the two sites connecting through a Service Provider that gives you some sort of L2 or L3 private connection?
Federico.
05-16-2011 08:56 PM
Thanks for your reply. They will be on a private WAN and it will be done by a service provider, so no Internet. You have mentioned that we then don't have to have IPsec if they are on private? Why, and what should we do?
05-17-2011 06:44 AM
Hi,
What I mean is that if the link connecting both sides is private somehow (you're not worried about anybody else sniffing the traffic), then there's no need to add the IPsec overhead.
On the other hand, if it's a WAN but still a shared environment and you strongly want to protect your traffic, the extra IPsec overhead might be worth it.
Federico.
05-17-2011 08:13 AM
Well, in my humble opinion, I agree with requiring a VPN over a private connection. While a "private" connection is dedicated, it is not 100% private. The service provider has access to your data, as well as anyone who can manage to hack into their network. It happens more often than you would think. If the information is sensitive, then a VPN is warranted. A lot of providers just put you on your own VLAN, and if you have the skills you can jump VLANs.
Just my 2 cents
05-17-2011 08:40 AM
I happen to agree with the humble opinion.
If you're concerned about the confidentiality of the data, you require encryption, no doubt.
I'm just saying it's not the only way out there if you want to avoid the extra overhead (definitely worth it if security is your priority).
Federico.
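Added example, not part of the thread: a calculator for the per-packet IPsec overhead discussed above, applied to the 4Mbps link from the question. The transform (AES-CBC with HMAC-SHA1-96), IPv4, GRE wrapped in ESP tunnel mode, ignoring layer-2 framing, and all function names are assumptions of this example.

```python
# Added example: per-packet size of ESP tunnel mode, with and without GRE.
# Assumed transform (not stated in the thread): AES-CBC + HMAC-SHA1-96, IPv4.
OUTER_IP = 20      # new IPv4 header added by tunnel mode (also by GRE)
ESP_HDR = 8        # SPI + sequence number
AES_IV = 16        # AES-CBC initialisation vector
AES_BLOCK = 16     # plaintext is padded to this block size
ESP_TRAILER = 2    # pad-length + next-header bytes
ICV = 12           # HMAC-SHA1-96 integrity check value
GRE_HDR = 4        # basic GRE header, no key/sequence options
LINK_BPS = 4_000_000  # the 4Mbps link from the question


def esp_tunnel_size(inner_len):
    """Bytes on the wire for one inner IP packet after ESP tunnel mode."""
    plaintext = inner_len + ESP_TRAILER
    padded = -(-plaintext // AES_BLOCK) * AES_BLOCK  # round up to a block
    return OUTER_IP + ESP_HDR + AES_IV + padded + ICV


def gre_over_esp_size(inner_len):
    """Same packet wrapped in GRE (new IP + GRE header), then ESP tunnel mode."""
    return esp_tunnel_size(inner_len + OUTER_IP + GRE_HDR)


def goodput_bps(inner_len, wire_len, link_bps=LINK_BPS):
    """Link capacity left for the original packets (layer-2 framing ignored)."""
    return link_bps * inner_len // wire_len


def report(sizes=(64, 576, 1400)):
    """Rows of (inner size, ESP overhead, GRE+ESP overhead, goodput for each)."""
    rows = []
    for n in sizes:
        esp, gre = esp_tunnel_size(n), gre_over_esp_size(n)
        rows.append((n, esp - n, gre - n,
                     goodput_bps(n, esp), goodput_bps(n, gre)))
    return rows


if __name__ == "__main__":
    print("inner  +ESP  +GRE/ESP  goodput ESP  goodput GRE/ESP (bps)")
    for row in report():
        print("%5d  %4d  %8d  %11d  %15d" % row)
```

The relative cost is highest for small packets: a 64-byte packet more than doubles in size, while a 1400-byte packet grows by under 5% with ESP alone.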