I am about to deploy a solution where I will have lots of remote branches which will have dynamic and static ISPs. They will all connect to the Head Quarters office (HQ).
In my testings, I already have 3 clients and I am doing a lot of config statements and I can predict that as I add more clients, the config will become unmanagable.
I am currently using static crypto maps. I am also using GRE inside IPSec.
I've been reading about IPSec Profiles and IPSec VTIs. They look like they might save me lots of code while my environment grows so I want to know what do you think?
Which of the 2 approaches will be better and more scalable?