Design Suggestions

Unanswered Question

I am looking at redoing our current WAN design. Right now we have VPN connections from PIX boxes to each location. As you can imagine it is very messy trying to configure tunnels to each location.


I am looking for the best solution that would help me not only configure my current sites but expand very easily as we grow. My biggest issue is that each site can have anywhere from 2 subnets to 5. So we have a lot of different IP address to pass to each location.


I was looking at GRE tunneling and am a bit confused as to how it will work. Will I still need to define access list at each location for each subnet? If so I am not sure what I gain by going that route besides some failover options.


If so is there a better way of connecting remote sites between routers?


Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Edison Ortiz Fri, 07/27/2007 - 08:34
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

You don't need PIX for DMVPN, you can implement it with IOS Routers.

paolo bevilacqua Fri, 07/27/2007 - 08:32
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Agree with Edison, dmvpn is the next big thing. We are beginning some deployment and it looks real nice so far.

paolo bevilacqua Fri, 07/27/2007 - 09:46
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

No you don't need to configure each subnet at tunnel level. You will use a routing protocol of your choice, and all the remote subnets will be announced and reachable from hub site without additional configuration

Actions

This Discussion