05-24-2013 12:10 PM - edited 03-04-2019 08:00 PM
As a caveat, I am a student and asking this question for help with a final project I have due in a few weeks. With that said, I am not looking for a thorough answer, just some guidance to make sure I am headed in the right direction and understanding the material.
I have to establish a WAN for a company based in Denver (21 servers, fully staffed IT dept) with 130+ offices scattered throughout the midwestern states. For secure connectivity, this is my thought process so far. I would like to use VTI to provide secure connectivity between each of the offices and the main office. Is there a limit to how many connections a single router interface will support using VTI? Can I configure a single router interface with 10? 50? 130+? Or is the interface limited to one VTI connection?
Thanks in advance for any help!
Sam
05-24-2013 12:26 PM
Sam
A router interface is not limited to a single VTI. I have a customer who is currently running over 400 VTIs on a single router interface.
HTH
Rick
05-24-2013 12:40 PM
Sam,
Did you mean Virtual template interface by VTI?
Subeh
05-24-2013 12:45 PM
I assumed from the context that Sam was talking about Virtual Tunnel Interface. And it was in that context that I talked about having 400 tunnels terminating on a single router interface. If he meant Virtual Template Interface then I was off the mark.
HTH
Rick
05-24-2013 02:16 PM
You know, you can also do MPLS, you can also do IPSec tunnels, or VTI with IPSec; it depends on your needs and budget.
05-24-2013 03:19 PM
I was referring to virtual tunnel interface. I apologize, I didn't realize there were two definitions for VTI! Richard, does the interface do okay with that many terminations on a single interface? It would seem that there would be some congestion issues. So, for my entry point into the headquarters network and servers, a single high-end router should provide sufficient connectivity and bandwidth?
Mohammed, I thought of a couple of different ways to have secure tunnels. From my research, VTI just seemed to make the most sense with 130+ connections terminating at the same place. I quickly got in over my head trying to figure out how to use L3 tunneling with point-to-point GRE with IPSec. I also looked at a couple of other Cisco-based options, namely DMVPN and Easy VPN. Additionally, if I understand it correctly, VTI utilizes IPSec for security; to me the advantage is having configurable, secure tunnels to each outlier connecting to a small number of router interfaces at the main office.
05-25-2013 07:37 AM
Sam
This customer is using a fairly high-end router to terminate these VTI tunnels, and so far we have not observed anything that indicates that the router is having a problem with it. There is occasional congestion, but the congestion is with the amount of bandwidth from the Internet and not a limitation of the router.
And your understanding is correct that VTI does use IPSec to encrypt the data going through the tunnels.
HTH
Rick
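To make Rick's point concrete, here is an added example of what the hub side of two static IPsec VTI tunnels looks like on Cisco IOS when both terminate on the same physical interface. This is not configuration from anyone in the thread; the addresses are RFC 5737 documentation ranges, the interface names, tunnel numbers, key and profile names are assumed placeholders, and a real deployment would use a unique pre-shared key (or certificates) per spoke rather than the shared placeholder shown. Each additional office is just another Tunnel interface reusing the same `tunnel source` and the same IPsec profile.

```cisco
! --- IKE phase 1 policy (assumed values: AES-256, SHA-256, DH group 14, PSK auth) ---
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! One key per spoke public address; REPLACE-WITH-UNIQUE-PSK is a placeholder
crypto isakmp key REPLACE-WITH-UNIQUE-PSK-A address 203.0.113.10
crypto isakmp key REPLACE-WITH-UNIQUE-PSK-B address 203.0.113.20
!
! --- IKE phase 2: transform set and the IPsec profile every VTI will reference ---
crypto ipsec transform-set VTI-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile VTI-PROF
 set transform-set VTI-TS
!
! --- The single physical Internet-facing interface at headquarters (assumed name/address) ---
interface GigabitEthernet0/0
 description Internet uplink; all spoke VTIs share this as their tunnel source
 ip address 198.51.100.1 255.255.255.0
!
! --- One VTI per branch office; both ride the same physical interface ---
interface Tunnel10
 description VTI to branch office A
 ip address 10.255.10.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.10
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROF
!
interface Tunnel20
 description VTI to branch office B
 ip address 10.255.20.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.20
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROF
!
! Routing is per tunnel interface, so branch subnets (assumed) can be static or learned
! over a routing protocol running across the tunnels.
ip route 10.10.0.0 255.255.0.0 Tunnel10
ip route 10.20.0.0 255.255.0.0 Tunnel20
```

Because a VTI is a routable interface, the branch prefixes are simply routed into the tunnel, which is what makes scaling to 130+ spokes a matter of adding Tunnel blocks rather than crypto maps and ACLs. The practical ceilings Rick alludes to are the router's IPsec throughput and licensed tunnel count and the uplink bandwidth, which is worth verifying on the hub platform's data sheet before settling on a single high-end router; `show crypto ipsec sa` and `show interfaces Tunnel10` are the first places to look when checking that each tunnel is up and passing encrypted traffic.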