Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
385
Views
0
Helpful
3
Replies

DMVPN w/Cisco IOS and PIX?

madlm
Level 1
Level 1

‎12-14-2004 07:32 AM - edited ‎02-20-2020 11:48 PM

I will implementing a Cisco 2811 as our edge router, firewall and VPN hub device for our spoke sites. The spoke sites all have PIX[s]. So my question is...

- Will DMVPN work in this environment? Do I need a Cisco router as the spoke device to work or will the PIX suffice?

- Where can I find configs that mirror this type of environment?

- If this doesn't work how do I, without making the environment fully meshed, allow the spokes to talk via the hub 2811?

2ND PART

- We are looking to possibly deploy a Checkpoint appliance as a spoke device. Can DMVPN work with this or how can I make this work so that all spokes can communicate with it. I am assuming the routing will be done via the ACLs on the hub...

thanks for the help in advance!!!

Mike

0 Helpful
3 Replies 3

m.laporta
Level 1
Level 1

‎12-14-2004 08:42 AM

DMVPN is an IOS feature, so it needs Cisco routers both in the hub and in the spoke sites. Pix firewalls in the spoke sites won't work.

Anyway, you can still use Pix firewalls at the remote sites and get the traffic routed by the Cisco Hub router. Check this out:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093dc8.shtml

As far as the 2nd part of your question is concerned, same answer: you cannot use DMVPN, yet you can use the hub router to allow the spokes to communicate.

HTH

michele

0 Helpful

r.fang
Level 1
Level 1
In response to m.laporta

‎12-16-2004 12:58 PM

As Michele just mentioned, DMVPn is purely Cisco IOS VPN solution.

But you could remote Cisco VPN router behind the PIX firewall to enchance the security.

If use SOHO PIX for remote sites is more cost effective than Cisco routers. you might consider to use Cisco Easy VPN feature, which both IOS and PIX support it, so they are fully interoperative.

Otherwise you could use traditional IPSec tunnels back to 2800 router, to create hub and spoke topology.

0 Helpful

r.fang
Level 1
Level 1
In response to m.laporta

‎12-16-2004 12:58 PM

As Michele just mentioned, DMVPn is purely Cisco IOS VPN solution.

But you could remote Cisco VPN router behind the PIX firewall to enchance the security.

If use SOHO PIX for remote sites is more cost effective than Cisco routers. you might consider to use Cisco Easy VPN feature, which both IOS and PIX support it, so they are fully interoperative.

Otherwise you could use traditional IPSec tunnels back to 2800 router, to create hub and spoke topology.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card