09-29-2011 04:47 AM - edited 03-04-2019 01:46 PM
Hello:
I have been asked to design and implement a mid scale VPN solution. I plan to use a hub and spoke design where:
My planned architecture is based on DMVPN phase 3 . This will allow
I also need to use
I am old school and tend to do all my configs with CLI and not use a gui or some wizards. Maybe this will be easier?
My question relates to the order of implementation. Specifically what should be coded first and how do they interact. Can people please recommend a deployment order for the following.
For my non-router based spokes, are there any preferred VPN clients that work well with DMVPN, easy VPN, Get VPN, NCP VPN client etc.
Tips, suggestions and comments are welcome from users in this excellent forum.
Walter
09-30-2011 01:02 AM
Walter,
My personal suggestion is to leave the security measures only to the very end of your deployment work, i.e. I would suggest the following order of steps:
With respect to clients, I am afraid that there are no software clients that work in particular with DMVPN, i.e. interact with NHRP and GRE tunnels. However, you may use any VPN technology to access the DMVPN as a whole if any of the DMVPN-enabled routers also works as an VPN access concentrator, i.e. IPsec or SSLVPN (WebVPN). The SSL VPN is probably the way to go for the future, the IPsec seems to be shifting away from remote access VPNs only to the realm of site-to-site VPNs. The GETVPN is a different technology you are most probably not interested in.
As I consider myself to be just a beginner in the world of VPNs myself, I would appreciate very much if other friends here shared their experiences. Thanks!
Best regards,
Peter
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide