Hi Mahmoud,
For an MPLS scenario where you already have connectivity, GET VPN (RFC
3547) being a tunnel-less solution is an optimum choice.
HTH
On Jun 15, 2012 8:00 AM, "Mahmoud Genidy" <ccie.mahmoud_at_gmail.com> wrote:
> Hi Team,
>
> I'm looking for the simplest way to configure an IPSEC over MPLS CE-to-CE.
>
> It is just a point to point MPLS link (Two sites). Routing CE to PE is BGP
> in both sides. Routes between the two sites are currently interchanged
> through redistribution inside the BGP at both sites.
>
> As of my best understanding, what I plan to do is:
>
> - Configure a GRE tunnel between the two CE routers in which the IPSEC
> encryption will be applied.
>
> - Configure a second routing protocol to run over the GRE tunnel to
> interchange routes between the two sites, for example OSPF
>
> - Configure a static route in each site to reach the other end's tunnel
> source through the MPLS link
>
> - No routes need to be interchanged through the MPLS "BGP" link, may be
> only a default route
>
> Would any one validate/recommend other solution?
>
> Cheers
> Mahmoud
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri Jun 15 2012 - 12:12:00 ART
This archive was generated by hypermail 2.2.0 : Sun Jul 01 2012 - 10:39:52 ART