Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
506
Views
0
Helpful
4
Replies

Specific VPN requirements, need help selecting correct technology

Go to solution
jeffdanderson
Level 1
Level 1

‎09-25-2009 06:59 AM

I need assistance selecting the correct vpn technology to meet my requirements.

I have a 2801 router that I will be using to terminate the vpn sessions. I will be using 871 series routers for the remote clients. The requirements that make it difficult for me to determine how to configure are:

The 871 routers WAN ip address will be dynamic, so I cant use standard IPSEC lan to lan configuration. The solution needs to allow the connection from any address.

The remote sites will also need to pass traffic between remote sites. I need to allow this because this VPN is going to be used for IP Phones and I want clients at remote sites to be able to call each other.

Some of the solutions I have seen require the remote user to enter a username and password from the CLI on their 871 to bring up the tunnel. If at all possible I dont want this to be a dependency.

I am familiar with cisco routers and can usually make a config work if provided an example, but I dont know enough about the various VPN options to choose the correct solution. Any help is greatly appreciated.

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Yudong Wu
Level 7
Level 7

‎09-25-2009 07:46 AM

If you need spoke-to-spoke vpn connection as well, you can try DMVPN.

http://www.cisco.com/en/US/products/ps6658/prod_presentation_list.html

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Yudong Wu
Level 7
Level 7

‎09-25-2009 07:46 AM

If you need spoke-to-spoke vpn connection as well, you can try DMVPN.

http://www.cisco.com/en/US/products/ps6658/prod_presentation_list.html

0 Helpful

Go to solution
jeffdanderson
Level 1
Level 1
In response to Yudong Wu

‎09-25-2009 07:58 AM

Hi kwu2, thanks for the reply.

The remote sites dont need to talk directly to each other, their traffic can flow thru the hub router if that makes for a simplier solution. There is only going to be about 6 sites and the only traffic will be RTP and Skinny from a single phone per location.

0 Helpful

Go to solution
Yudong Wu
Level 7
Level 7
In response to jeffdanderson

‎09-25-2009 08:14 AM

Ok, in that case, you can use dynamic crypto map on Hub router, like the router config in the following link.

http://www.cisco.com/en/US/partner/tech/tk583/tk372/technologies_configuration_example09186a008051a69a.shtml

Any you need pay attention to those routing and ACL setting on spoke and hub routers, you can refer to the following example.

http://www.cisco.com/en/US/partner/tech/tk583/tk372/technologies_configuration_example09186a0080093dc8.shtml

0 Helpful

Go to solution
jeffdanderson
Level 1
Level 1
In response to Yudong Wu

‎09-25-2009 11:37 AM

Hi kwu2:

I went with your orignal advice and setup spoke-to-spoke dmvpn with minimal trouble. I used this document as an example.

http://www.cisco.com/en/US/partner/tech/tk583/tk372/technologies_configuration_example09186a008014bcd7.shtml

Thanks Again

0 Helpful
Customers Also Viewed These Support Documents