Encryption without IPsec

Status
Not open for further replies.

netgazoo

Programmer
Sep 18, 2008
2
CA
Is it possible to encrypt all TCP or IP packets without using IPsec? All routers would hardcode this way of doing things (no policy negotiation).

Our problem is that we are using a Cisco 3250/30 router and the GETVPN feature is not available on those routers. The GETVPN feature is used in secure networks using multicast. Because we are using multicast, the only other alternative is DMVPN, which is less than adequate because each packet is replicated for every destination.
 
That's not true, netgazoo. We use DMVPN for numerous customers, and the keyword multicast is not used as you would see in LAN or WAN multicast deployments unless you enable PIM on your tunnel interface. It is used to help build the NHRP table for the hub and spokes.

Basically, you can use either IPSec or SSL for your encryption protocol available through IOS. Even with DMVPN, GET or EZVPN, they use IPSec for providing encryption and authentication services.

The question is, what are you trying to accomplish exactly? The rugged ISRs do support IPSec and EZVPN. Not sure about DMVPN support, honestly.

cf
 
You could use CHAP to authenticate, or if you're using a routing protocol, you can use MD5 keychains...

Burt
 
Thank you ciscofreak1241 (MIS) for responding.

The network
-----------
We will have a private virtual network provided by a telephone company. We will have physical ports to connect to in the field.

The fleet
---------
Mobile units will be connecting and disconnecting from these ports. The mobile units have computers behind a 3250 Cisco router.

More information
----------------
For various reasons, the data and the network need to be protected against hacking. Most of the data on the network is low-bandwidth multicast data. People on the mobile units are not technical people at all, so the router needs to work when connected (plug and play). The network topology may change in the future; for example, some units may be daisy chained.

The problem
-----------
My immediate problem is to configure the 3250 to provide encryption to this network but in a way that is simple and dynamic.

Solution 1
----------
If we could just encrypt all the data (with a manual key) that is going out of the router, that would be great (no IPsec shit). Unfortunately, no encryption seems to be provided without IPsec.

Solution 2
----------

So the most simple and dynamic way of configuring the network is to use DMVPN.

Problem with Solution 2
-----------------------
DMVPN seems to require key servers (no manual options). The key server(s) need to be on the mobile unit. No single mobile unit can be expected to be on the network for long periods of time (say 8 to 24). Units may leave and come back at any time.

 