I haven done this already. The connection itself starts out encrypted but the table data going through the tds packets is not. I have verified it isn't. If you inspect the packets going between the servers you will see this. I can look right into the tds packets and read the table data.

I could of course encrypt the data itself via symmetric keys, etc but this isn't what we want as we have multiple sources and destinations involved. We need the encryption transparent but not via tde. Hopefully someone has encountered this before and know what to do