IPSEC over MPLS (CE-to-CE)

From: Mahmoud Genidy <ccie.mahmoud_at_gmail.com>
Date: Fri, 15 Jun 2012 14:56:44 +1000

Hi Team,

I'm looking for the simplest way to configure an IPSEC over MPLS CE-to-CE.

It is just a point-to-point MPLS link (two sites). Routing CE to PE is BGP
on both sides. Routes between the two sites are currently interchanged
through redistribution inside the BGP at both sites.

To the best of my understanding, what I plan to do is:

- Configure a GRE tunnel between the two CE routers in which the IPSEC
encryption will be applied.

- Configure a second routing protocol to run over the GRE tunnel to
interchange routes between the two sites, for example OSPF

- Configure a static route in each site to reach the other end's tunnel
source through the MPLS link

- No routes need to be interchanged through the MPLS "BGP" link, maybe
only a default route

Would anyone validate/recommend another solution?

Cheers
Mahmoud

Received on Fri Jun 15 2012 - 14:56:44 ART
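
The four steps in the post above, written out as a Cisco IOS configuration for one CE router. This is an added example, not part of the original message. The addresses, interface names, key placeholder and algorithm choices are all assumptions, and it assumes the provider VRF carries the PE-CE link subnets so the WAN addresses are reachable end to end.

```cisco
! CE1 (constructed values; mirror on CE2 with the addresses swapped)
! Assumed: CE1 WAN 198.51.100.2/30, PE next hop 198.51.100.1,
!          CE2 WAN 203.0.113.2, CE1 LAN 10.1.0.0/16
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Placeholder key: replace with a long random secret, identical on both CEs
crypto isakmp key REPLACE_WITH_SHARED_SECRET address 203.0.113.2
!
! Transport mode: GRE already supplies the outer IP header
crypto ipsec transform-set GRE-ESP esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile GRE-PROTECT
 set transform-set GRE-ESP
!
! Step 1: GRE tunnel between the CEs, encrypted by the IPsec profile
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 ! Leave room for GRE + ESP overhead to avoid fragmentation
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.2
 tunnel protection ipsec profile GRE-PROTECT
!
! Step 3: reach the peer's tunnel source through the MPLS link only
ip route 203.0.113.2 255.255.255.255 198.51.100.1
!
! Step 2: OSPF over the tunnel carries the site routes.
! The WAN subnet is left out of OSPF so the tunnel destination is
! never learned through the tunnel itself (recursive routing).
router ospf 1
 passive-interface default
 no passive-interface Tunnel0
 network 172.16.0.0 0.0.0.3 area 0
 network 10.1.0.0 0.0.255.255 area 0
```

Once both sides are configured, `show crypto ipsec sa` should show encaps/decaps counters increasing and `show ip ospf neighbor` should list the peer over Tunnel0.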
