
Remote Office 3850 tunnel to HQ options?

YanL
Level 1

Hello, we have a 3850 at each of our remote sites and I would like to configure ISP failover (IP SLA?).

The 3850 Primary ISP is connected through an MPLS metro LAN service back to HQ.

The Secondary ISP is going to be connected through a Cellular LTE bridge (public IP).

Our HQ perimeter firewall is CheckPoint.

I would like to do something like this but the 3850 does not seem to support IPsec. http://www.cisco.com/c/en/us/support/docs/security/ios-easy-vpn/23784-ipsec-checkpt.html

I would be ok with adding an ASA at HQ but would rather not add equipment at the remote sites.

What are my options? GRE seems unsupported also on the 3850.

Thank you

Accepted Solutions

According to the 3.7.3 release notes GRE tunnels are now supported on 3850s.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3e/release_notes/rn-3dot7e-3850.html

Under "Resolved Caveats" -

CSCuw19798

GRE Tunnel not working on Catalyst 3850


Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

You might ask your ISPs whether they can also provide a VPN link across their public infrastructure. If so, you wouldn't need to build your own VPN tunnel. (My guess would be your MPLS Metro LAN ISP might be able to provide, not so sure about Cellular LTE.)

If they cannot, then you would need a device that can host a VPN tunnel.

I'm trying to stay away from using the same ISP for resiliency so I guess my only solution is to drop a tunneling device at every remote office. grrrrrrr

The 3850 seemed like a good MPLS small campus L2/L3 device but the lack of IPsec, GRE or tunneling capabilities makes for an expensive L3 switch. I'd rather have tunneling capabilities than Wi-Fi.
