10-21-2012 01:33 PM - edited 03-03-2019 06:48 AM
Hello,
I am looking to use the Cisco 3925 to establish site to site VPNs using traditional IPSEC tunneling. One site is using ASA 5510 and I would like to use my existing Cisco 3925 at my site.
I have a 100mb pipe between the sites although its not totally dedicated.
Are there likely to be any limitations ?
Also what are a rules for using VoIP on IPSEC or GRE tunnels ?
Does anyone know of the limitations of setting up
Sent from Cisco Technical Support iPhone App
10-23-2012 08:23 PM
With an ASA on one end I do not believe the GRE is a viable option for you. IPSec tunnels should work ok. Doing VOIP frequently wants to use QoS. But if the IPSec tunnel is over the Internet then QoS will be a challenge.
HTH
Rick
Sent from Cisco Technical Support iPhone App
10-26-2012 12:58 PM
Flat IPSec Tunnels and GRE both support marking packets, however over the Internet you cannot guarantee QoS, you control the packets leaving your interfaces to the Internet and once the packets arrive at the remote end but in between sites you won't have any control.
If you got with flat IPSec tunnels (no GRE) you'll need to do QoS Pre-Classify on the crypto-maps to carry the QoS markings over the tunnel.
GRE tunnels will offer you much more scalability since you can run routing protocols over the GRE tunnel, were you cannot over the flat IPSec tunnels. You can reverse route injection but it isn't as clean as true routing. This all depends on how many VPNs you will be running though.
Richard is right, since the ASA does not support GRE that will limit you.
--
CCNP, CCIP, CCDP, CCNA: Security/Wireless
Blog: http://ccie-or-null.net/
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide