VPN Questions

mistryj · ‎10-21-2012

Hello,

I am looking to use the Cisco 3925 to establish site to site VPNs using traditional IPSEC tunneling. One site is using ASA 5510 and I would like to use my existing Cisco 3925 at my site.

I have a 100mb pipe between the sites although its not totally dedicated.

Are there likely to be any limitations ?

Also what are a rules for using VoIP on IPSEC or GRE tunnels ?

Does anyone know of the limitations of setting up

Sent from Cisco Technical Support iPhone App

Richard Burts · ‎10-23-2012

With an ASA on one end I do not believe the GRE is a viable option for you. IPSec tunnels should work ok. Doing VOIP frequently wants to use QoS. But if the IPSec tunnel is over the Internet then QoS will be a challenge.

HTH

Rick

Sent from Cisco Technical Support iPhone App

HTH

Rick

SOcchiogrosso · ‎10-26-2012

Flat IPSec Tunnels and GRE both support marking packets, however over the Internet you cannot guarantee QoS, you control the packets leaving your interfaces to the Internet and once the packets arrive at the remote end but in between sites you won't have any control.

If you got with flat IPSec tunnels (no GRE) you'll need to do QoS Pre-Classify on the crypto-maps to carry the QoS markings over the tunnel.

GRE tunnels will offer you much more scalability since you can run routing protocols over the GRE tunnel, were you cannot over the flat IPSec tunnels. You can reverse route injection but it isn't as clean as true routing. This all depends on how many VPNs you will be running though.

Richard is right, since the ASA does not support GRE that will limit you.

--
CCNP, CCIP, CCDP, CCNA: Security/Wireless
Blog: http://ccie-or-null.net/

-- CCNP, CCIP, CCDP, CCNA: Security/Wireless Blog: http://ccie-or-null.net/