We want to encrypt tn3270 and DLSw traffic over our frame relay network
and I'm in the beginning planning stages. I have it working in a test
lab but I have a question about what will happen in the production
network.
We have DSL backup at some locations and dial backup over PSTN at most
others. My concern is that our traffic will not be encrypted if the
location is on backup. This isn't a major concern because that hardly
ever happens but I'm curious about how to configure this should we
decide to.
It seems that all that would be necessary is to create another crypto
map with another peer and then attach that to the interface pointing
toward the DSL side. I neglected to mention that we have 90 locations,
30 with DSL, and they all connect back here to the same 7513. Each
branch will have to peer with the 7513 using ipsec. At the locations
with always-on DSL, it seems that the branch would have to peer twice
with the 7513, once for each possible route. Is that the case? When do
peers actually begin the negotiation process? Is it only when traffic
is present? If that's the case, then I'm okay. If it's not the case,
then the remote router would have two peering sessions with the 7513.
That means that poor 7513 would have around 150 crypto peers! Is that
bad? :-)
At this point I'd really rather not even bother encrypting traffic when
they're on backup. With out network design it seems like that would
cause far more problems that it solved.
any thoughts?
Thanks,
John
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9225&t=9225
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
