Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1830
Views
0
Helpful
3
Replies

IPSec from cEDGE to non SDWAN Device... or 3rd Party.. and also MGRE on cEDGE

Go to solution
craneman1
Level 1
Level 1

‎07-29-2020 01:33 PM

Hi

We might have need to establish 1 or more VPN tunnels from cEDGE devices to 3rd party vendor firewalls and the like....

is this possible?.... Typically we know the cEDGE communicates with all the other cEDGES via IPsec.. but in this instance the customer wants the cEDGE to communicate to 3rd party firewall vendors.... 

 

Also along with that... its would be from 1 cEDGE to multiple 3RD Party Firewalls at the same time... so sort of like a DMVPN MGRE type of thing... I dont think that can be doe or support MGRE.... 

Thanks!

Mike

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
brselzer
Cisco Employee
Cisco Employee

‎07-30-2020 05:39 AM

Hello Mike,

 

IPSEC tunnels to third party devices is supported:

 

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/System-Interface/systems-interfaces-book-xe-sdwan/configure-interfaces.html#id_106511

 

See the "VPN Interface IPsec" section. However, as you suspected they are only point-to-point. mGRE is not supported at this time. Depending on scale you could configure multiple point-to-point tunnels.

 

Hope that helps!

-Bradley Selzer
CCIE# 60833

View solution in original post

0 Helpful
3 Replies 3

Go to solution
brselzer
Cisco Employee
Cisco Employee

‎07-30-2020 05:39 AM

Hello Mike,

 

IPSEC tunnels to third party devices is supported:

 

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/System-Interface/systems-interfaces-book-xe-sdwan/configure-interfaces.html#id_106511

 

See the "VPN Interface IPsec" section. However, as you suspected they are only point-to-point. mGRE is not supported at this time. Depending on scale you could configure multiple point-to-point tunnels.

 

Hope that helps!

-Bradley Selzer
CCIE# 60833
0 Helpful

Go to solution
craneman1
Level 1
Level 1
In response to brselzer

‎07-30-2020 06:47 AM

Hi Thanks very much.. just one question do you think 100 tunnels in a vpn would be a problem... to 3rd party?
Probably not but it would be ice to know..
Thanks, Mike
0 Helpful

Go to solution
brselzer
Cisco Employee
Cisco Employee
In response to craneman1

‎07-30-2020 09:11 AM

Hello,

 

This will probably depend on what platform you use and if there are any limitations for that platform. If you have a partner or sales rep you are working with, it might be a good question to ask them for your specific platforms and they can get you confirmation. 

 

Hope that helps!

-Bradley Selzer
CCIE# 60833
0 Helpful
Customers Also Viewed These Support Documents