Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2145
Views
4
Helpful
1
Replies

scalability question - vpn

saquib.tandel
Level 1
Level 1

‎08-02-2013 04:59 PM - edited ‎03-03-2019 07:08 AM

Hi

here is the scenario were i need some advices ; managing IPSEC over GRE with expected growth will become nightmare.

I have read the post https://supportforums.cisco.com/docs/DOC-8356  - but still not clear which routing protocol to use for simplification,

ISP + hardware redundancy to consider, ease of management, future scalability

Each HQ_C?? site has collapsed core with vpn and mpls terminating on different routers.

Total 4 Countries

Country #1   named as HQ_C1

which hosts scala erp for rest of the countries, all international countries connects via vpn gre over ipsec

  • 10 cities connect to country#1 HQ_C1 over gre over ipsec
  • single hub no redundancy

Country #2  named as HQ_C2

establishes vpn gre over ipsec with HQ_C1

  • 20 local sites in country#2 connect to HQ_C2 over local mpls provider and get scala access using VPN establish between country#2 to country#1

With growth expected ;-

  • 5 Main sites will be estalibshed in country#2, each main site will have around 100+ concurrent users and need to access scala directly from HQ_C1 and have mpls connection between main sites + HQ_C2 for other services i.e voip,  portals, messaging
  • HQ_C2 will have Two ISP to have redundancy on vpn with HQ_C1

Country #3   named as HQ_C3

establishes vpn with HQ_C1 only

  • 10 local sites in country#3 connect to HQ_C3 over local mpls provider and get scala access using VPN establish between country#3 to country#1

HQ_C3 will have two ISP for vpn redundancy with two vpn routers

Country#4  ( scenario same as country#3 with only 7 local sites )

thanks

ST

Labels:
0 Helpful
1 Reply 1

Marwan ALshawi
VIP Alumni
VIP Alumni

‎08-03-2013 10:23 AM

hi ST

first the post you read was posted by myself a while and i can tell you DMVPN can provide a scalable vpn solution compared to ipsec over gre point to point tunnels

from my understanding to your topology you hav emultiple hube and spoke topologies

in each hub and spoke topology do you need spoke to spoke direct communication or all will be spoke to hub ?

between differnt topologies/countries do you need hub to hub communications only or it might required direct spoke to spoke between diffrent countries ?

if the spoke to spoke required in both cases you can consider DMVPN phase 3 which can help you to design a hierarchal topologies

for simplification with hub and spoke topologies EIGRP is a good choice, OSPF as well but a bit more complicated

hope this help

Customers Also Viewed These Support Documents