Solved: Best remote connectivity system/VPN that meets my requirement

mohammed chalil · ‎02-06-2017

Hi All,

Need your suggestion... which is the best Cisco system that suits my requirement.

Requirement:

Need to connect approx. 100 remote sites to my Data center. These sites are temp ones, and will be keep on moving. There will be an internet connection (managed by Local IT) available in all sites. I can't interfere on this internet connectivity/gateway router. My aim is to connect the server located at my data center with the client PC located at the site, and the connection for sure should be secure and reliable.

I was planning to deploy DMVPN system here by keeping the hub router at my data center. But this system will have the following drawbacks:

1. System itself will be expensive as I need the router in each site.

2. I will have to modify some settings on the remote site gateway router.

Please help

Rahul Govindan · ‎02-07-2017

I believe most solutions, if not all, would require some sort of hardware at the remote end. Since you have already evaluated DMVPN, which is a very capable and scalable solution, I can think of 2 other solutions:

1) Use Meraki MX devices at DC and branch sites. They might turn out to be a bit more cost effective. Also, it is easy to build Meraki to Meraki based VPN's using just a few clicks on their cloud managed GUI.

2) Use ASA5506-X as remote Easy VPN hardware client and use existing router as EZVPN server. The easy VPN client requires minimal config compared to the Hub.

View solution in original post

Rahul Govindan · ‎02-07-2017

I believe most solutions, if not all, would require some sort of hardware at the remote end. Since you have already evaluated DMVPN, which is a very capable and scalable solution, I can think of 2 other solutions:

1) Use Meraki MX devices at DC and branch sites. They might turn out to be a bit more cost effective. Also, it is easy to build Meraki to Meraki based VPN's using just a few clicks on their cloud managed GUI.

2) Use ASA5506-X as remote Easy VPN hardware client and use existing router as EZVPN server. The easy VPN client requires minimal config compared to the Hub.

mohammed chalil · ‎02-07-2017

Hey Rahul,

Thanks for the reply, much appreciated.

Seems the first option matches my requirement. Do share with me any docs/links for Meraki devices/setup if you posses any.

One more question out of curiosity, is there an option to integrate Merakki devices with DMVPN setup.

Rahul Govindan · ‎02-07-2017

Configuration example for Meraki Site to Site vpn.

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Configuring_Hub-and-spoke_VPN_Connections_on_the_MX_Security_Appliance

DMVPN works only on Cisco Routers and cannot be integrated with Meraki. You can use Site to Site VPN (crypto map based) with Meraki as spoke and Cisco router as hub, but this would mean different configuration types on either side.

mohammed chalil · ‎02-09-2017

Great!! Thanks for the response.

Michael Muenz · ‎02-07-2017

If you want to connect a "site" you definately need a router at each site, or not? :)

You could also use plain IKEv2 which is rather cheap and at the sites you could setup multiple access solutions so one of the fits anytime to avoid configuring it with every relocation:

https://supportforums.cisco.com/blog/13030756/ikev2-triple-wan-failover-between-ios-spoke-and-asa-hub

I used this setup with an interal modem and fixed logins, than a second external dsl modem and fixed login and third was LTE modem. So when dsl didn't work it just got an IP address via LTE modem and found his way to the DC

Michael Please rate all helpful posts