08-02-2013 04:59 PM - edited 03-03-2019 07:08 AM
Hi
here is the scenario were i need some advices ; managing IPSEC over GRE with expected growth will become nightmare.
I have read the post https://supportforums.cisco.com/docs/DOC-8356 - but still not clear which routing protocol to use for simplification,
ISP + hardware redundancy to consider, ease of management, future scalability
Each HQ_C?? site has collapsed core with vpn and mpls terminating on different routers.
Total 4 Countries
Country #1 named as HQ_C1
which hosts scala erp for rest of the countries, all international countries connects via vpn gre over ipsec
Country #2 named as HQ_C2
establishes vpn gre over ipsec with HQ_C1
With growth expected ;-
Country #3 named as HQ_C3
establishes vpn with HQ_C1 only
HQ_C3 will have two ISP for vpn redundancy with two vpn routers
Country#4 ( scenario same as country#3 with only 7 local sites )
thanks
ST
08-03-2013 10:23 AM
hi ST
first the post you read was posted by myself a while and i can tell you DMVPN can provide a scalable vpn solution compared to ipsec over gre point to point tunnels
from my understanding to your topology you hav emultiple hube and spoke topologies
in each hub and spoke topology do you need spoke to spoke direct communication or all will be spoke to hub ?
between differnt topologies/countries do you need hub to hub communications only or it might required direct spoke to spoke between diffrent countries ?
if the spoke to spoke required in both cases you can consider DMVPN phase 3 which can help you to design a hierarchal topologies
for simplification with hub and spoke topologies EIGRP is a good choice, OSPF as well but a bit more complicated
hope this help
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide