07-29-2007 06:43 AM - edited 03-03-2019 06:04 PM
Hi friends,
I have 2 Cisco 3845 HSEC routers with AIM-VPN-SSL3 modules in them. One router has been installed in a data center and the other router has been installed in the HQ. The DC and the HQ have been connected by a 4 Mb MPLS link.
Since these routers have an AIM module, I am contemplating setting up a VPN between these routers. Which VPN is recommended in this setup? A site-to-site VPN, an Easy VPN, a GET VPN, or some other option?
Please suggest.
Thanks a lot
Gautam
Note: Have posted this same question in Security -->General as it was even relevant there.
07-29-2007 07:00 AM
Hi,
The 3845, like all ISR routers, already has an embedded hardware module for IPsec. The AIM is more for SSL-based VPNs, which are something else.
Anyway, if you are positive that there is no growth and only the two LANs have to communicate with encryption, I would configure a traditional IPSEC VPN. Otherwise, if you plan to add branches, etc., I would do a DMVPN using GRE over IPSEC with the "tunnel protection" command. This has the advantage that you can change or renumber sites, etc., without touching access-lists and such.
Hope this helps, please rate post if it does!
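The two options named in the reply above, side by side for the HQ router, as an added example that is not part of the original posts. All addresses, names and the key placeholder are constructed assumptions, and Option B shows point-to-point GRE; a full DMVPN would use a multipoint GRE tunnel with NHRP instead of a fixed tunnel destination.

```cisco
! Constructed example. HQ WAN 10.255.0.1, DC WAN 10.255.0.2 (RFC 1918, as on the MPLS link),
! HQ LAN 192.168.10.0/24, DC LAN 192.168.20.0/24. Mirror the addresses on the DC router.
! PRE_SHARED_KEY_PLACEHOLDER is a placeholder, not a real key. Configure Option A or B, not both.

! --- Common to both options: IKE policy and AES transform set ---
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
crypto isakmp key PRE_SHARED_KEY_PLACEHOLDER address 10.255.0.2
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac

! --- Option A: traditional site-to-site IPsec (crypto map) ---
! The access-list selects what is encrypted, so every added or
! renumbered subnet means editing it on both routers.
ip access-list extended VPN-HQ-DC
 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
crypto map CM-MPLS 10 ipsec-isakmp
 set peer 10.255.0.2
 set transform-set TS-AES
 match address VPN-HQ-DC
interface GigabitEthernet0/0
 crypto map CM-MPLS

! --- Option B: GRE over IPsec with "tunnel protection" ---
! No crypto access-list: whatever routing sends into Tunnel0 is
! encrypted, so site changes are handled by routing alone.
crypto ipsec profile PROF-GRE
 set transform-set TS-AES
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 10.255.0.2
 tunnel protection ipsec profile PROF-GRE
ip route 192.168.20.0 255.255.255.0 Tunnel0
```

After either option is up, `show crypto isakmp sa` and `show crypto ipsec sa` confirm that the peers negotiated and that the packet counters for encrypted traffic are increasing.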
07-29-2007 10:40 AM
Thanks a lot for your helpful response. Just one question here.
I am in for a VPN on a Layer 2 MPLS link whose WAN IPs are private (RFC1918) and are connected to each other through the service provider cloud. I am not sure if it is sensible doing a VPN on such a link?
Can anybody shed some light on this?
Thanks a lot
Gautam
07-29-2007 10:44 AM
Hi Gautam,
For the VPN to work, it doesn't matter which type of address they give you. All you need to decide is whether you want encryption, and how strong you want it (e.g., AES). Since there is no impact on performance, organizations often decide to encrypt for peace of mind, and that's it.
As a recognition to those providing answers, please rate useful posts using the scrollbox below!