VPN between 2 3845 HSEC

gautamzone · ‎07-29-2007

Hi friends,

I have 2 Cisco 3845 HSEC routers with AIM-VPN-SSL3 modules in them. One router has been installed in a data center and the other router has been installed in the HQ. The DC and the HQ have been connected by a 4 Mb MPLS link.

Since these routers have an AIM module, i am contemplating on setting up VPN between these routers. Which VPN is recommended in this setup? A site to site VPN or an Easy VPN or a Get VPN or some other option?

Please suggest

Thanks a lot

Gautam

PAUL TRIVINO · ‎07-30-2007

Well, on one hand I'd suggest site-to-site, using GRE tunnels so you get full routing etc.

OTOH, if it's across an MPLS link why do you need VPN?

Paul

mattiaseriksson · ‎07-31-2007

If you don't need to run a dynamic routing protocol or use dynamic tunnels, you can use a standard L2L ipsec tunnel. Then you don't have the overhead of the GRE protocol.

A standard ipsec tunnel does not scale well, but it is easiest to configure and require less overhead.

If you want to support remote users, you could choose easy vpn instead.

Here is a very god comparison:

http://www.cisco.com/application/pdf/en/us/guest/products/ps7180/c1031/cdccont_0900aecd80582078.pdf

gautamzone · ‎08-04-2007

Thanks a lot for the helpful suggesions here. So i infer that GRE with dynamic routing is a good solution to implement.

I will definitely try that out.

Thanks a lot

Gautam