10-14-2004 11:52 AM - edited 02-21-2020 01:23 PM
I have a customer with a VPN concentrator at his central site and two remote sites with 1700 series routers. Each remote site currently has a VPN tunnel to the central concentrator. The customer would like to add an additional VPN tunnel from one of the remotes to the other remote, so the traffic destined for the core would ride the tunnel to the central site and traffic destined to the internet would ride a second tunnel to the other remote site (they are closer together). He wants both tunnels to be functional at the same time at the one remote site. Is this even possible?
Thanks!!!
Adam
10-14-2004 12:10 PM
It should be entirely possible.
As with most things, there's a variety of solutions, but categorically, there are two approaches: static or dynamic.
If you meet the requirements, and especially if the setup may expand in the future, DMVPN might be a nice way to go. You can find more info here:
Documentation:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html
Example development walkthrough:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml
The other method would be a static setup.
A sample of such a config can be found in the beginning "what you probably have now" part of the above DMVPN development walkthrough link.
Also if the 1700 routers have a VPN module, it should speed up things considerably (especially when adding multiple VPNs)...
10-15-2004 04:22 AM
Thanks for your input. I will give it a look.
Adam
10-16-2004 07:06 PM
Adam
I work with a customer who is doing IPSec at many sites. We use 1721 routers at the remote sites and have two active IPSec tunnels to two different destinations. This sounds pretty similar to the requirements that you are describing. It works very well for us.
In our case we are using fixed/static IP addresses at each end and statically defined tunnels rather than the Dynamic Multipoint Tunnels. When our project was being established the Dynamic Multipoint tunnels had very recently been introduced and we did not want something quite that new. If you have fixed IP addresses and the number of end points with which you need to communicate is small, then I think that fixed tunnels are preferable. If you are using dynamically assigned addresses at remote end points or the number of end points to which each one needs to communicate is very large, then I think that Dynamic Multipoint tunnels would have a lot to offer.
HTH
Rick
10-18-2004 06:50 AM
Rick,
All addressing is static. I will look into your recommendation. Sounds much more manageable.
Thanks!!!
Adam
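A sketch of the static two-tunnel setup discussed in this thread, as it could look on the remote router that terminates both tunnels. This is an added example, not a configuration posted by anyone in the thread: all addresses (documentation and private ranges), the pre-shared key placeholders, the transform choices, the ACL numbers and the interface name are assumptions. The point it shows is that one crypto map carries both peers, and the more specific core-network entry must have the lower sequence number so it is matched before the catch-all entry.

```cisco
! Constructed example. Assumed values:
!   remote LAN 10.1.2.0/24, core network 10.0.0.0/16,
!   central concentrator 192.0.2.1, other remote router 198.51.100.1
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 2
!
! Separate pre-shared key per peer (placeholders, not real keys)
crypto isakmp key <PSK-CENTRAL> address 192.0.2.1
crypto isakmp key <PSK-REMOTE-B> address 198.51.100.1
!
crypto ipsec transform-set TS-AES esp-aes esp-sha-hmac
!
! Entry 10: traffic for the core rides the tunnel to the central site
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS-AES
 match address 101
!
! Entry 20: all other LAN traffic rides the tunnel to the other remote
crypto map VPN 20 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS-AES
 match address 102
!
! Crypto map entries are evaluated in sequence order, so the specific
! ACL (101) has to sit in the lower-numbered entry than the "any" ACL (102)
access-list 101 permit ip 10.1.2.0 0.0.0.255 10.0.0.0 0.0.255.255
access-list 102 permit ip 10.1.2.0 0.0.0.255 any
!
! Only one crypto map can be applied per interface; both tunnels share it
interface FastEthernet0
 crypto map VPN
```

Each peer needs a mirror-image ACL and matching ISAKMP and transform settings; `show crypto ipsec sa` on the remote router should then list one pair of security associations per peer once traffic for each destination has flowed.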