Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
448
Views
0
Helpful
1
Replies

Implement Site to Site VPN among Head Office and Branches...

harsha senaratna
Level 1
Level 1

‎07-24-2012 06:05 AM - edited ‎03-04-2019 05:03 PM

hi all,

I want to implement site to site vpn among our Head Office and Barnch routers (300 Sites).Head Office Site I have a cisco 7200 Router Im going to terminate the VPN conection on that.Branches we are having cisco 1841 series routers. They all are capable of working with VPN.In the present it is act like a EazyVPN Server for selected sites(30 sites).


Is there any license limitations in Cisco 7200 Router ?


Can I run both Site to site VPN and Eazy VPN Server together ?

Is there any other factors what should I consider in order to implement this solution ?

You responses using expertise knowledge highly appreciate. Because Im not that much familiar with VPN solutions.

Thanks

Labels:
0 Helpful
1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

‎07-27-2012 07:31 AM

here is a link from Cisco that discusses using both Cisco Easy VPN and IPSec tunnel VPN on the same router.

http://www.cisco.com/en/US/docs/routers/access/1800/1801/software/configuration/guide/vpnezvpn.pdf

I worked with a customer who had over 400 remote sites doing site to site VPN IPSec tunnels to a head end router that was a 7200. So I believe that what you intend to do is quite possible. To help our implementation scale to that number of remotes we did several things:

- we used IPSec with GRE so that we could run a dynamic routing protocol. (We wanted a dynamic routing protocol so that we could implement redundancy. but even if you do not have redundancy with 300 remote sites that would be a lot of static routes to configure and maintain. so I would suggest a dynamic routing protocol)

- we used EIGRP as the routing protocol.

- we configured the remote site router as eigrp stub.

- at the head end we configured a distribute list that would advertise to the remote only a default route. The head end had a large routing table, but at the remote the routing table was quite simple with only its connected routes and a default route to the head end.

- we were using traditional IPSec with crypto maps but the new approach using VTI tunnel protection mode gives the same capabilities and simplifies the configuration.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card