Hi There, NLR - Not List Related. If this does not interest you, then please ignore/delete, otherwise, please continue.
A client of mine is interested in using GETVPN to simplify full-mesh IPSec deployments. They have a requirement to hide the IPs of the hosts talking over the VPN. This is currently done via sending everything down a GRE tunnel so the only traffic seen over the network is just the tunnel endpoints, as opposed to the talking hosts.

Consider:

HostA--R1--OtherNetwork--R2--HostB

"OtherNetwork" being the transit network. Someone sitting in there only sees a bunch of encrypted traffic from R1 to R2 and vice-versa. They don't know it is HostA talking to HostB or some other host on each site.

With GETVPN and IP Header Preservation (which has its merits) one can see the originating hosts, with the data being encrypted.

So, is there any way to conceal the end host IP addresses whilst using GETVPN? The configuration guide just tells me how good IP Header Preservation is (http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_encrypt_trns_vpn_ps10591_TSD_Products_Configuration_Guide_Chapter.html) and after some Googling the best result I can find is that "By default, GETVPN preserves the header". The word "default" implies I can change this default behaviour somehow.

Any help is appreciated.

Cheers,
Matt
CCIE #22386
CCSI #31207
