
EZvpn compared to lan to lan

I have a hub-and-spoke environment using PIXes as VPN tunnel endpoints, where I would be adding spokes dynamically. I cannot afford any downtime for the existing VPN tunnels. With LAN-to-LAN, whenever I add new sites I have to reapply the crypto map on the interface, which will bring all my tunnels down.

I was thinking of using EzVPN in network extension mode to overcome this problem.

When I add sites dynamically, all I have to do is add a new vpngroup with split tunnelling. I don't think I have to remove the crypto map on the interface and reapply it. Can anyone confirm?

2 Replies

sergej.gurenko
Level 1

Easy VPN is a perfect solution, but only if you have one subnet per site. I have implemented a PIX Easy VPN solution with about 30 PIXes 6.2.x (spokes). One in the center.

Possible problems:

Easy VPN can announce only one protected subnet, for dynamic crypto maps.

The central PIX does not allow spoke-to-spoke traffic to be routed through the central PIX Easy VPN Server. This is a PIX restriction by design. So I place an IOS router in the center.

Half a year - no calls from the customer.

d-garnett
Level 3

edited post..........

I think EzVPN is the best solution under your circumstances.

"I have a hub-and-spoke environment using PIXes as VPN tunnel endpoints, where I would be adding spokes dynamically"

I was going to suggest using Dynamic Multipoint VPN, but I reread your post (you are running PIXes as tunnel endpoints).