Scalable IPSec Link Encryption

Jun 5th, 2007

Hi All,

Sorry if this has been answered before.

I have a design with two hubs and 50 spokes. Each spoke has a link to both hubs (dual telco redundancy).

I must encrypt all the links using IPSec 3DES while maintaining OSPF routing. This means that the traditional IPSec, crypto map, ACLs and GRE tunnels become hard to scale and manage.

I've heard of Dynamic Multipoint VPN, Virtual Tunnel Interface (VTI) and even Group Encrypted Transport (GET). Does someone out there know what works best in such a scenario?

Thanks in advance,

smahbub Tue, 06/12/2007 - 05:57

Cisco Easy VPN supports quality of service (QoS) and multicast, but if there is a requirement to support dynamic routing protocols or direct spoke-to-spoke communications, Cisco recommends Dynamic Multipoint VPN (DMVPN) as the preferred site-to-site VPN solution. For more information on DMVPN, please visit:

