Sorry if this has been answered before.
I have a design with two hubs and 50 spokes. Each spoke has a link to both hubs (dual telco redundancy).
I must encrypt all the links using IPSec 3des while maintaining OSPF routing. This means that the traditional IPSec, crypto map, ACLs and GRE tunnels become hard to scale and manage.
I've heard of Dynamic Multipoint VPN, Virtual Tunnel Interface (VTI) and even Group Encrypted Transport (GET). Does someone out there know what works best in such a scenario?
Thanks in advance,