Design Suggestions

Unanswered Question
Jul 27th, 2007

I am looking at redoing our current WAN design. Right now we have VPN connections from PIX boxes to each location. As you can imagine it is very messy trying to configure tunnels to each location.

I am looking for the best solution that would help me not only configure my current sites but expand very easily as we grow. My biggest issue is that each site can have anywhere from 2 subnets to 5. So we have a lot of different IP address to pass to each location.

I was looking at GRE tunneling and am a bit confused as to how it will work. Will I still need to define access list at each location for each subnet? If so I am not sure what I gain by going that route besides some failover options.

If so is there a better way of connecting remote sites between routers?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Paolo Bevilacqua Fri, 07/27/2007 - 08:32

Agree with Edison, dmvpn is the next big thing. We are beginning some deployment and it looks real nice so far.

ccoombs@adelman... Fri, 07/27/2007 - 08:41

Thanks again.

Can I assume we can do a spooke and hub config and avoid full meshing for all sites to communicate?

All I assume it requires configuring tunnels for each and ever subnet to each location?


Paolo Bevilacqua Fri, 07/27/2007 - 09:46

No you don't need to configure each subnet at tunnel level. You will use a routing protocol of your choice, and all the remote subnets will be announced and reachable from hub site without additional configuration


This Discussion