ipsec deployment

gauravm
Level 1

Hi,

I am planning to deploy IPSec on my gateway routers throughout the network.

But the problem is, I have got 700+ locations, and creating separate keys and t sets for each and every location separately (for leased as well as dialers) is going to be a tedious job and I suppose will add to the routers' CPU performance.

Could anyone give me a better solution for this?

Your help will be appreciated.

Regards,

1 Reply

Richard Burts
Hall of Fame

To deploy IPSec for 700 locations is a major undertaking and some parts may be tedious. There is no need to create a transform set for each site: assuming that the remote sites have similar requirements, a single transform set can do for each.

The traditional approach to IPSec would be to create a separate instance of the crypto map for each remote site. An alternative that Cisco has recently introduced is DMVPN, which allows the remote router to dynamically initiate the IPSec connection to the central router. One advantage of this is that the central router does not have to have each remote peer configured, so the configuration of the central router is greatly simplified.

This may be a solution that you would want to consider. If you are interested, this link has a very good writeup about this feature:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html

HTH

Rick
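
The contrast described in the reply above, sketched as hub-side Cisco IOS configuration. This is an added example, not part of the original reply or the linked guide; every name, address, interface and key shown is a constructed placeholder, and the two sections are alternatives, not meant to be applied together.

```cisco
! Constructed example: names, addresses, interface and key are placeholders.
! Hub side only; the spoke configuration is omitted.
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 14
!
! One transform set serves every remote site in either design.
crypto ipsec transform-set TS-SITES esp-aes 256 esp-sha-hmac
!
! --- Traditional: one ACL and one crypto map instance per remote site ---
crypto isakmp key <KEY-SITE-001> address 192.0.2.10
crypto isakmp key <KEY-SITE-002> address 192.0.2.20
ip access-list extended SITE-001
 permit ip 10.0.0.0 0.0.255.255 10.1.1.0 0.0.0.255
ip access-list extended SITE-002
 permit ip 10.0.0.0 0.0.255.255 10.1.2.0 0.0.0.255
crypto map HUB-MAP 10 ipsec-isakmp
 set peer 192.0.2.10
 set transform-set TS-SITES
 match address SITE-001
crypto map HUB-MAP 20 ipsec-isakmp
 set peer 192.0.2.20
 set transform-set TS-SITES
 match address SITE-002
! ... one more key, ACL and map instance for each of the 700+ sites
interface GigabitEthernet0/0
 crypto map HUB-MAP
!
! --- DMVPN hub: no per-peer entries; spokes register dynamically via NHRP ---
! A wildcard pre-shared key is shared by every spoke, so one leaked key
! exposes all sites; certificate authentication (authentication rsa-sig
! in the ISAKMP policy) avoids a single shared secret.
crypto isakmp key <WILDCARD-KEY> address 0.0.0.0 0.0.0.0
crypto ipsec profile DMVPN-PROFILE
 set transform-set TS-SITES
interface Tunnel0
 ip address 10.255.0.1 255.255.252.0
 ip nhrp authentication <NHRP-ID>
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile DMVPN-PROFILE
```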
