ASA/PIX, IDS, IPS, VPN, Cisco Secure ACS, AAA, ISE.
shane01
New Member
Posts: 45
Joined: Wed Mar 03, 2010 4:04 am

Encrypt traffic between two IPs

Sat May 21, 2016 8:33 am

I'm not sure if this is easily done, or not doable at all. I'm just having trouble finding the right material to read. I'm hoping someone here can give me some guidance :)

Essentially what I want to do is encrypt traffic travelling between two networks, without creating a VPN/tunnel/etc.

For example, NETWORK A has public IP 10.0.0.1 and has a web server published to the internet at 10.0.0.1:80 (port forwarded). NETWORK B has public IP 20.0.0.1. A user behind NETWORK B's router (being NAT'd to the internet) accesses the web server at NETWORK A.

I've got ACLs in place to ensure that the web server is only accessible from network B.

What I'm hoping is possible is just to configure the routers at A and B so that any traffic that travels between them over the internet is encrypted. I don't want to create a tunnel or VPN or allow access to the networks behind those routers. Just encrypt between them.

*** Fully aware that HTTPS is the right solution for a web server ***
That's just the example I'm using, not what we're actually doing.

My theory here is that I can then guarantee to myself that ANY traffic on ANY protocol going between these two IPs is fully encrypted. No matter what it is, what the application, what the protocol, etc.

Is this a crypto map? Everything I'm reading comes back to VPNs etc.

ski
Senior Member
Posts: 303
Joined: Sat Mar 31, 2012 5:01 pm
Certs: CCNA CCNP CCIP CCNA Security

Re: Encrypt traffic between two IPs

Sat May 21, 2016 1:20 pm

The protocol for the encryption is ESP or AH, which can be used by an IPSec VPN; here you need some common IKEv1 and IPSec parameters between the 2 communicating devices (in the end, a crypto map on an interface).

Other encryption could be, for example, for a web server, yep, HTTPS, where you use PKI for the encryption.

For encryption where you want to encrypt ANY type of traffic, a VPN is your friend, which can be IPSec, SSL VPN, OpenVPN and so on.

shane01
New Member
Posts: 45
Joined: Wed Mar 03, 2010 4:04 am

Re: Encrypt traffic between two IPs

Sun May 22, 2016 7:25 am

Thanks ski

That makes sense to me. However, I don't want to join the internal networks in any way. Only encrypt what is going between the external interfaces.

My understanding is that a VPN joins the two LANs together. Whether or not we route them or use ACLs is one thing, but we don't want them connected in any way.

ski
Senior Member
Posts: 303
Joined: Sat Mar 31, 2012 5:01 pm
Certs: CCNA CCNP CCIP CCNA Security

Re: Encrypt traffic between two IPs

Sun May 22, 2016 9:51 am

You can put any IP into a VPN tunnel, not only internal IPs, also external ones or NATed ones. You cannot encrypt just by placing some ACLs in your router.

But anyway, read further on; maybe you find a solution which fits your needs.
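An added configuration example (not posted by anyone in this thread) of the crypto-map approach ski describes, applied to the original topology. The crypto ACL names only the two public addresses, so nothing behind either router becomes reachable and only packets exchanged between 10.0.0.1 and 20.0.0.1 are protected; every other packet leaves in the clear. Interface names, the inside server address 192.168.1.10, the inside subnet 192.168.2.0/24 at B, the ACL and map names and the pre-shared-key placeholder are assumptions. IKEv1 is used because the thread mentions it; on current IOS releases IKEv2 (`crypto ikev2 ...`) is the better choice, the structure is the same.

```cisco
! ---------------- Router A (public 10.0.0.1, web server published on :80) ----------------
! Assumptions: outside = GigabitEthernet0/0, inside = GigabitEthernet0/1, server = 192.168.1.10
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-STRONG-PSK address 20.0.0.1
!
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha256-hmac
!
! Crypto ACL: evaluated AFTER inside->outside NAT, so it must name the PUBLIC addresses.
! Do NOT add the usual "NAT exemption" for this traffic; the translated packet is what gets encrypted.
ip access-list extended CRYPTO-TO-B
 permit ip host 10.0.0.1 host 20.0.0.1
!
crypto map CM-OUTSIDE 10 ipsec-isakmp
 set peer 20.0.0.1
 set transform-set TS-AES256
 set pfs group14
 match address CRYPTO-TO-B
!
! Existing port forward for the published web server (public 10.0.0.1:80 -> 192.168.1.10:80).
ip nat inside source static tcp 192.168.1.10 80 10.0.0.1 80
!
! Inbound ACL on the outside interface: the web rule stays restricted to B, plus IKE and ESP from the peer.
! IOS evaluates this ACL on the ESP packet and again on the decrypted packet, so keep the www line.
ip access-list extended OUTSIDE-IN
 permit udp host 20.0.0.1 host 10.0.0.1 eq isakmp
 permit udp host 20.0.0.1 host 10.0.0.1 eq non500-isakmp
 permit esp host 20.0.0.1 host 10.0.0.1
 permit tcp host 20.0.0.1 host 10.0.0.1 eq www
 deny   ip any any log
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat outside
 ip access-group OUTSIDE-IN in
 crypto map CM-OUTSIDE
!
! ---------------- Router B (public 20.0.0.1, users PAT'd to it) ----------------
! Assumptions: outside = GigabitEthernet0/0, inside = GigabitEthernet0/1, users in 192.168.2.0/24
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-STRONG-PSK address 10.0.0.1
!
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha256-hmac
!
! Mirror image of A's crypto ACL: user traffic is PAT'd to 20.0.0.1 first, then matched here.
ip access-list extended CRYPTO-TO-A
 permit ip host 20.0.0.1 host 10.0.0.1
!
crypto map CM-OUTSIDE 10 ipsec-isakmp
 set peer 10.0.0.1
 set transform-set TS-AES256
 set pfs group14
 match address CRYPTO-TO-A
!
ip access-list standard NAT-INSIDE
 permit 192.168.2.0 0.0.0.255
ip nat inside source list NAT-INSIDE interface GigabitEthernet0/0 overload
!
interface GigabitEthernet0/1
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/0
 ip address 20.0.0.1 255.255.255.0
 ip nat outside
 crypto map CM-OUTSIDE
!
! Verification, after a user at B browses http://10.0.0.1/ :
!   show crypto isakmp sa                          -> peer 20.0.0.1 / 10.0.0.1 in state QM_IDLE
!   show crypto ipsec sa peer 20.0.0.1 | include pkts   -> encaps and decaps counters increasing
```

Two points worth checking on a real box. First, because the crypto ACL matches the post-NAT addresses, a packet from a host at B to an inside address at A is not matched and would be forwarded unencrypted if it were routable at all, which is exactly the "no LAN-to-LAN reachability" the original poster asked for. Second, the UDP 4500 permit is only needed when another NAT device sits between the two routers; here the routers are the NAT devices themselves, so IKE runs on UDP 500 and the extra line is harmless.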

webster82
Member
Posts: 163
Joined: Tue Dec 15, 2009 3:05 pm
Certs: ccna ccda ccnp

Re: Encrypt traffic between two IPs

Mon May 30, 2016 11:07 am

The way that this is done is to use link encryptors. These operate at the physical layer and are transparent to the routers or switches at either end. Not possible without additional hardware, I am afraid.

Return to Cisco Security