Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2157
Views
0
Helpful
4
Replies

vpn with Dc and DR

rajbhatt
Level 3
Level 3

‎11-21-2010 11:42 PM

Hi,

I have more than 800 branch offices.

Each brannch conencts  to hub location  .

From hub it connects  to DC if that is up else all traffic will be routed to DR .

attached diagram .

1. is mannual intervention necessary to do the fall back from dc to DR router

2. what will be best way to configure  site to site vpn with scalibility

any example config  with branch router ,hub  router, dc  router and Dr  router config will be highly appriciated

Thanks in advance

Labels:
Preview file
11 KB
0 Helpful
4 Replies 4

rajbhatt
Level 3
Level 3

‎11-24-2010 03:30 AM

HI,

Thanks  for the doc .

But what I  was planning to configure was simple ipsec vpn with multiple spoke site s.

the reason I cant run dmvpn is 1. I dont need communication between spokes

2. I do not have routing protocols , only static routes .3.My DC and DR is in different range of ip address

Can anyone  please post the config for the DC and  DR site and  also the failover config f rom DC  to DR.

Thanks in advance

75905-hub and spoke topology.txt.zip
0 Helpful

praprama
Cisco Employee
Cisco Employee
In response to rajbhatt

‎11-26-2010 10:43 PM

Hi,

So just to clarify:

1) DMVPN does not imply you are going to have spoke to spoke communitcation. You can still have a ery simple hub and spoke topology. The advantage with DMVPN is it is highly scalable, that is, as you add more and more spokes you do not have to touch the HUBs' config at all. Just a few lines of code on the spoke and it should be ready to run. This is the problem with a sim[ple IPSec VPN in that the lines of code to be added for each new spoke goes on increasing exponentially:

On a side note, you may in near future want to enable spoke to spoke communication and with IPSec VPN, this will pose a HUGE problem to say the least (with the routing, config, etc.).

Again with DMVPN, just a few lines of config and it should be ready to deploy.

2) DMVPN can run with static routes as well. It is not imperative you have dynamic routing. But in our sitiation, we need a "fallback" mechanism if one of the hubs fail, This will be possible only using dynamic routings protocols (eigrp, ospf, etc.) which are much more roubust than simple static routes.

Again, dynamic routing is much more scalable with addition of new spokes (and thereby new networks). You do not need to add static routes on all the hub sites but just one line of config on the spoke will enable this.

Considering the above and our requirement, i can not think of anything other DMVPN with dynamic routing.

I am assuming that the 2 HUB routers are in completely different goegraphic locations and hence HSRP also will not help us. Please do clarify this and let me know if there are any further queries.

Cheers,

Prapanch

0 Helpful

praprama
Cisco Employee
Cisco Employee

‎11-24-2010 05:45 AM

Hi,

This document will give you a good idea.I think its similar to your requirement:

https://supportforums.cisco.com/docs/DOC-8356

Also, fallback should be automatic. No intervention will be needed.

Cheers,

Prapanch

0 Helpful

rajbhatt
Level 3
Level 3
In response to praprama

‎11-25-2010 01:32 AM

HI,

any leads on this

Thanks in adavnce

0 Helpful
Customers Also Viewed These Support Documents