Dual VPN Connection

mwadam
Level 1

I have a customer with a VPN concentrator at his central site and two remote sites with 1700 series routers. Each remote site currently has a VPN tunnel to the central concentrator. The customer would like to add an additional VPN tunnel from one of the remotes to the other remote, so the traffic destined for the core would ride the tunnel to the central site and traffic destined to the internet would ride a second tunnel to the other remote site (they are closer together). He wants both tunnels to be functional at the same time at the one remote site. Is this even possible?

Thanks!!!

Adam

4 Replies

Shawn Lebbon
Level 1

It should be entirely possible.

As with most things, there's a variety of solutions, but categorically, there are two approaches: static or dynamic.

If you meet the requirements, and especially if the setup may expand in the future, DMVPN might be a nice way to go. You can find more info here:

Documentation:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html

Example development walkthrough:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml

The other method would be a static setup.

A sample of such a config can be found in the beginning "what you probably have now" part of the above DMVPN development walkthrough link.

Also if the 1700 routers have a VPN module, it should speed up things considerably (especially when adding multiple VPNs)...

Thanks for your input. I will give it a look.

Adam

I work with a customer who is doing IPSec at many sites. We use 1721 routers at the remote sites and have two active IPSec tunnels to two different destinations. This sounds pretty similar to the requirements that you are describing. It works very well for us.

In our case we are using fixed/static IP addresses at each end and statically defined tunnels rather than the Dynamic Multipoint Tunnels. When our project was being established the Dynamic Multipoint tunnels had very recently been introduced and we did not want something quite that new. If you have fixed IP addresses and the number of end points with which you need to communicate is small, then I think that fixed tunnels are preferable. If you are using dynamically assigned addresses at remote end points or the number of end points to which each one needs to communicate is very large, then I think that Dynamic Multipoint tunnels would have a lot to offer.

HTH

Rick

Rick,

All addressing is static. I will look into your recommendation. Sounds much more manageable.

Thanks!!!

Adam