09-03-2009 08:01 PM - edited 03-04-2019 05:56 AM
Hi Guys,
I have a setup where I have a spoke router and 4 clients. The clients will grow and the configuration that we currently have seems to not be able to scale well.
For every new client we add, we have to make a new static crypto map, new tunnel interface and add the new client network to the access lists.
There is a very good book that I am following, The Complete Cisco VPN Configuration Guide. There is a pretty good example on this book, however it assumes that the spokes will be behind dynamic ISPs and that they will need to talk to each other.
In this setup, the spokes are all static and wont need to talk to each. What is the best approach for this?
thanks
09-03-2009 08:41 PM
Hello Angel,
DMVPN can be deployed with or without spoke to spoke direct communication.
But I recommend to deploy a routing protocol to make it really auto-adaptive.
You can use EIGRP that will give you with default settings no spoke to spoke dynamic tunnel.
see
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG.html
Hope to help
Giuseppe
09-04-2009 09:05 AM
Giuseppe,
that is a great link... actually very sexy link. I am currently reading it and it is just great.. lots of info. Im not on the examples part yet, but once I get there, I will start coding.
The environment I have is a bit messy, but I will fix it using the DMVPN concept.
Question though, if I change the isakmp crypto on the headend server to IPSec profiles, would I have to do the same on the branch devices?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide