VRF-Aware IPSec
IPSec-aware VRFs add a layer of encryption to MPLS to
create a "tunnel within a tunnel." In other words, VPNs themselves by definition
create private, partitioned tunnels within a shared network. Now, IPSec
encryption can be mapped to individual MPLS VPN tunnels for an added layer of
security.
"Before the advent of MPLS, IPSec code was configured on an
interface-by-interface basis. However, MPLS sends traffic between VRFs rather
than interfaces," explains Dan Gill, a technical marketing manager in the Cisco
Internet Technologies Division. "Now, IPSec can be enabled on a per-VRF basis
[for MPLS networks] in addition to on a per-interface basis [for pure IP
networks]," says Gill.
Robert McCallum
CCIE #8757
R&S
01415663448
07818002241
Good Day,
I have
been investigating securing MPLS for a Large Bank.
I have looked at DMVPN and IPSEC as options but both have
problems.
Is there any good recommendations
from any other Banks which have secured MPLS over a public
infrastructure.
Kind Regards,
Andy Brauer
Business Connexion
Networks (Pty) Ltd
Office: +27 (0)11 266 1174
Mobile: +27 (0)82 453 8992
Fax: +27 (0)11 266 1001
Email:
Andy.Brauer@bcx.co.za
Web Site:
www.bcx.co.za
NOTICES:
1. This
message and any attachments are confidential and intended solely for the
addressee. If you have received this message in error, please notify the
sender at Business Connexion (Pty) Ltd immediately. Any unauthorised use,
alteration or dissemination is prohibited.
2. Business Connexion (Pty) Ltd accepts no
liability whatsoever for any loss whether it be direct, indirect or
consequential, arising from information made available and actions resulting
there from.
3. Please note that Business Connexion only binds
itself by way of signed agreements. 'Signed' refers to a hand-written
signature, excluding any signature appended by 'electronic communication' as
defined in the Electronic Communications and Transactions Act, no. 25 of
2002.
4. Directors: P.A. Watt, A.C. Farthing, M.W.
Schoeman, B. Mophatlane, I. Mophatlane, B. Sithole.