Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
673
Views
0
Helpful
1
Replies

Need new VPN design

maced129
Level 1
Level 1

‎07-20-2011 08:01 PM

Hi, I am working for a company that has over 100 sites that are connected to HQ via encrypted vpn tunnels. We currently do the old style crypto map and defined ACL for GRE over IPSEC tunnels back to HQ...so we are doing a hub/spoke design.

I am looking for a new way to deploy these VPNs as we are growing all the time, the sites will never have to talk to other sites...just to HQ so I'm not sure if DMVPN is the right choice for us.

Do you guys have any suggestions for any new ways that we could deploy these new sites? Maybe VTI/DVTI??

Any help is appriciated...

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎07-21-2011 01:28 AM

Miles,

DMVPN for sure has this nice scalability factor which might be good for you.

VTI might also be a good idea, it's the stuff that gets a bit more traction in terms of supportability and new features coming.

I would base the actual solution on a few questions:

- Traffic volume

- Redundancy/Availability

- Support for protocols (will you need IPX, IPv6)

- Platforms you would like to deploy on (are there platforms witch very specific forwarding mechanisms - ASR, 6500/7600 with VPN SPA/VPNSM...)

- Third party devices support (?)

- Designated routing mechanism could be also of some importance.

(... probably a bunch of others...)

Marcin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents