We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 622 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

 

401 New Members signed up the last 30 days!

satisfaction-guaranteed

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,


Forum Replies

  1. Due to an audit we just had we need to encrypt all traffic going out MPLS, should my ACL include the LANs and BGP/30 network in the ACL on my MPLS router in the datacenter (which is acting as the KS)?
    In your lab you used OSPF but we’re running BGP, is it better to use a IGP verse BGP?

  2. Hi Corwyn,

    It shouldn’t matter too much that you use BGP. There is one issue with BGP/GETVPN where traffic can be get blackholed if a GM doesn’t receive keys. Take a look at this:

    https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_getvpn/configuration/15-mt/sec-get-vpn-15-mt-book/sec-get-vpn.html#concept_44F369138B744BCB8A2AEB90925C4433

    Apparently, the “Routing Awareness for BGP” feature prevents this from happening but that’s something you should test.

    I think the answer depends on what “all traffic” exactly means. Is this about data from your LANs or

    ... Continue reading in our forum

  3. I’ll encrypt all traffic including BGP but thanks for the link I’ll read about it.

Ask a question or join the discussion by visiting our Community Forum