Greetings,I'm looking for a sanity check, and possibly a smarter way to solve a problem I'm having. My goal is to have one VPN use only GRE encapsulation, and the second VPN use only IPSEC. These different VPNs have different security constraints and...
Thanks Kanan,That's the same conclusion I came up with. I guess I was expecting there was some way to wildcard some of the values in the TLOC or TLOC list inside of the policy.The solution scales well at the spoke policy, since I will almost always j...
Thanks for the diagram. You should also be able to set the MTU size on the encryptor itself. I would refer to the vendors documentation on how much overhead is required, and subtract that from your LTE router's tunnel MTU. I believe a popular INE ven...
Can you provide a rough diagram or running configuration of the devices? I don't think we have enough information here to give any good advice. I'm assuming your topology looks like - VPN SPOKE > INLINE ENCRYPTOR > INLINE ENCRYPTOR > VPN HUB
I was able to get a similar setup working in a lab. Since both your peers in the Hawaii and Boston VRF are in AS123, you need to allow the local AS in on Boston/Hawaii, or override the AS at the Verizon PoP. On the Verizon PoP:router bgp 65300
addr...
