Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4199
Views
0
Helpful
4
Replies

ASA VPN Site to site : DMVPN or Full mesh ?

Go to solution
lookfw1512
Level 1
Level 1

‎07-15-2013 12:27 AM - edited ‎02-21-2020 07:01 PM

Hi all

I'm fresh man in cisco enviroment, please help me

Currently i'm working on a project that need to set up VPN for security at mutiple site with diffirent ISPs ( not decided static or dynamic IP yet)

I can request Cisco Router for L3 routing devices and ASA appliance also

My target is : all sites can communicate with each others.

Now I'm considering about DMVPN or Full mesh topology

So you guys please answer my questions :

1 - Static IP from ISP is the best right ? Can i use dynamic IP ? ( I know ASA have some kind of dynamic - static VPN )

2 - DMVPN :

     + ASA not support it, but i heard that somehow ASA can config as spoke to spoke VPN. Is that match my target ?

     + Please refer me documents for set it up if you have

3 - Full mesh VPN :

     + How to setup it, am i have to config L2L VPN each sites to the rest ?

4 - DMVPN vs Full Mesh - Which one is better ? which one is less config work, less administration tasks ?

5 - The last one : please consult me the device needed for my target

Thanks you all!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-15-2013 06:24 AM

You're correct that an ASA will not support DMVPN. It would require you setup individual LAN-LAN VPN tunnels at every site (n x (n-1) tunnels total).

FlexVPN with ISR G2 routers would be the least amount of configuration work and most flexible setup for your stated requirements. It has the advantages of EZVPN and DMVPN together.

There are a number of FlexVPN configuration examples here.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-15-2013 06:24 AM

You're correct that an ASA will not support DMVPN. It would require you setup individual LAN-LAN VPN tunnels at every site (n x (n-1) tunnels total).

FlexVPN with ISR G2 routers would be the least amount of configuration work and most flexible setup for your stated requirements. It has the advantages of EZVPN and DMVPN together.

There are a number of FlexVPN configuration examples here.

0 Helpful

Go to solution
lookfw1512
Level 1
Level 1
In response to Marvin Rhoads

‎07-15-2013 07:38 AM

Thank you for your answer

Now i'm looking at FlexVPN and wondering is it support mobile client ?

My plan is set up multiple site to site for each branch => Solution is Flex VPN, right ?

And also remote client maybe window, android, ios ( iphone devices ) will be connected to branch that can also communicate with other client in other branch. => WebVPN-Anyconnect ASA or Router maybe ?

Please tell me whether Flex VPN can work with WebVPN ?

Thank you

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to lookfw1512

‎07-15-2013 09:35 AM

An AnyConnect Secure Mobility client (PC- or mobile-based) can establish remote access into a FlexVPN.

WebVPN is also known as clientless SSL VPN and, as such is SSL-based. Since FlexVPN is IKE v2-based, they are not compatible.

0 Helpful

Go to solution
lookfw1512
Level 1
Level 1
In response to Marvin Rhoads

‎07-15-2013 07:44 PM

Thank you for your support

0 Helpful
Customers Also Viewed These Support Documents