Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
810
Views
0
Helpful
5
Replies

EzVPN Remote with two Tunnels Concurrently ?

Daniel Stefani
Level 1
Level 1

‎08-20-2012 08:08 AM

Hi,

I want configure EzVPN between remote office (Site C) for my secondary office (Site B). But there is already a  EzVPN configuration between Site C and my Head Office (Site A).
I created the configs, but when I apply the command "crypto ipsec client ezvpn VPN2" on the Interface, a warning saying that only one Tunnel is supported.

in Site C i have a Cisco C1861W-UC-2BRI-K9  with dynamic IP Address
in Site B i have a Cisco CISCO2921/K9 with static IP Address

Could anyone help me?
Only ONE Tunnel is supported in EzVPN Remote enviroment ?
Are there others options ?


Best Regards,
Daniel Stefani

Labels:
0 Helpful
5 Replies 5

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎08-20-2012 01:19 PM

Daniel,

I'm not sure about all the requirements you have from your system (or limitations of your hardware)

,but DMVPN could be the best way to get both secure connections up and running :-)

M.

0 Helpful

Karsten Iwen
VIP
VIP

‎08-20-2012 01:40 PM

Another option in addition to the DMVPN that Marcin mentioned is the use of dynamic VTIs. These are a little bit easier to implement (in my opinion) then DMVPN.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Karsten Iwen

‎08-20-2012 01:55 PM

Indeed, without need for full mesh connectivity, VTI is the choice. But as I said it depend on requirements... There is also Flex ;-)

0 Helpful

Karsten Iwen
VIP
VIP
In response to Marcin Latosiewicz

‎08-20-2012 02:20 PM

I would say that I'm quite brave in regard to new technology, but I think I wouldn't try Flex in productivity (yet).

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Karsten Iwen

‎08-20-2012 11:55 PM

Several pretty big customers are running it already ;-)

Major problem is IKEv2 support on certain platforms (ISR G1 for example).

If you think about it, it's same technology, GREoIPsec/VTI/IPsec just bound together in one new framework under IKEv2.

I have not see so much effort put into testing any feature before as for this - TAC was also heavily involved.

Anyway it's out there, it's a possibility, it's the future :-)

M.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents