Check the second bullet point on page 44. http://www.cisco.com/web/strategy/docs/gov/IntegNet_Feb17_915_Lynn.pdf
Will DMVPN work? On Aug 8, 2011, at 10:02 PM, Matt Hill wrote: > Hi There, > > NLR - Not List Related. If this does not interest you, then please > ignore/delete, otherwise, please continue. > > A client of mine is interested in using GETVPN to simplify full-mesh > IPSec deployments. They have a requirement to hide the IPs of the > hosts talking over the VPN. This is currently done via sending > everything down a GRE tunnel so the only traffic seen over the network > is just the tunnel endpoints, as opposed to the talking hosts. > > Consider: > > HostA--R1--OtherNetwork--R2--HostB > > "OtherNetwork" being the transit network. Someone sitting in there > only sees a bunch of encrypted traffic from R1 to R2 and vice-versa. > They dont know it is HostA talking to HostB or some other host on each > site. With GETVPN and IP Header Preservation (which has its merits) > one can see the originating hosts, with the data being encrypted. > > So, is there any way to conceal the end host IP addresses whilst using > GETVPN? The configuration guide just tells me how good IP Header > Preservation is > (http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_encrypt_trns_vpn_ps10591_TSD_Products_Configuration_Guide_Chapter.html) > and some Googling the best result I can find is that "By default, > GETVPN preserves the header". The word "default" implies I can change > this default behaviour somehow. > > Any help is appreciated. > > Cheers, > Matt > > CCIE #22386 > CCSI #31207 > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
