The MPLS-OPS Archive

Cell Relay Retreat>MPLS-OPS Archive>month:2002-Nov> msg00065



[Date Prev][Date Next][Thread Prev][Thread Next]  
  [Date Index][Thread Index][Author Index][Subject Index]

Re: Fwd: IPSEC Virtual router and MPLS Vitual router

  • From: Christopher Lewis <chrlewis@cisco.com>
  • Date: Thu, 21 Nov 2002 07:12:52 -0600
  • Cc: MPLS-ops Mailing List <mpls-ops@mplsrc.com>
  • Resent-Date: Thu, 21 Nov 2002 09:57:46 -0500
  • To: Roger Clark Williams <rogerw@nordlink.com>
  • X-Sender: chrlewis@fargo.cisco.com

Roger,

I read the original question differently. I read it as  how to terminate 
IPsec tunnels in to an MPLS VPN VRF. The scenario is for off-net 
connections to an MPLS VPN. In this case there are two scenarios, fixed 
site and remote access. Fixed sites using Ipsec can be given a tunnel 
destination that equates to an IP address of an interface on a PE router 
that terminates to a VRF belonging to the customer. In the case of remote 
access dial or whatever over IPsec there can be some additional things that 
need to be done.

Kenneth, There is a tested solution for this on the equipment you mention, 
but the documentation will not make it to CCO for a few months, please 
contact your Cisco account team for details, if they are unfamiliar with 
it, please ask them to contact me.

Cheers

Chris

At 03:20 PM 11/20/2002, Roger Clark Williams wrote:
>Cisco's product VPN Solution Center will build either MPLS or IPsec VPNs 
>across an MPLS network. Consider that IPsec is just IP in an IP wrapper, 
>so MPLS sees it as just another MPLS-bound piece of IP traffic. Obviously, 
>before that happens IPsec has to do its security magic, but from then on, 
>as far as the MPLS network is concerned,  it's just IP as normal.
>
>Roger Williams
>
>
>>Resent-Date: Wed, 20 Nov 2002 10:20:05 -0500
>>X-Authentication-Warning: host.secure4-hosting.net: mplsrc12 set sender 
>>to mpls-ops-request@mplsrc.com using -f
>>From: "Hull, Kenneth A." <KHULL@alleghenyenergy.com>
>>To: "'mpls-ops@mplsrc.com'" <mpls-ops@mplsrc.com>
>>Date: Wed, 20 Nov 2002 10:00:01 -0500
>>X-Mailer: Internet Mail Service (5.5.2653.19)
>>Subject: [MPLS-OPS]: IPSEC Virtual router and MPLS Vitual router
>>Resent-From: mpls-ops@mplsrc.com
>>X-Mailing-List: <mpls-ops@mplsrc.com> archive/latest/4806
>>X-Loop: mpls-ops@mplsrc.com
>>Resent-Sender: mpls-ops-request@mplsrc.com
>>
>>Does any one have any stories, experience, etc, about integrating IPSEC VPN
>>VRF's with MPLS VPN VRF's using Cisco 7206VXR's, Cisco Catalyst 6500 w/MSFC,
>>and Cisco GSR 12000's.
>>
>>It appears L2TP VPN is the best we can do to integrate with MPLS.
>>
>>Thanks,
>>
>>
>>Ken Hull
>>Network Services Manager
>>Allegheny Communications Connect
>>
>>-------
>>The MPLS-OPS Mailing List
>>Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
>>Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
>
>-------
>The MPLS-OPS Mailing List
>Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
>Archive: http://www.mplsrc.com/mpls-ops_archive.shtml

-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml