Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
335
Views
0
Helpful
3
Replies

VPN between 2 3845 HSEC routers

Go to solution
gautamzone
Level 1
Level 1

‎07-29-2007 06:43 AM - edited ‎03-03-2019 06:04 PM

Hi friends,

I have 2 Cisco 3845 HSEC routers with AIM-VPN-SSL3 modules in them. One router has been installed in a data center and the other router has been installed in the HQ. The DC and the HQ have been connected by a 4 Mb MPLS link.

Since these routers have an AIM module, i am contemplating on setting up VPN between these routers. Which VPN is recommended in this setup? A site to site VPN or an Easy VPN or a Get VPN or some other option?

Please suggest

Thanks a lot

Gautam

Note: Have posted this same question in Security -->General as it was even relevant there.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame
In response to gautamzone

‎07-29-2007 10:44 AM

Hi Gautam,

For the VPN to work, doesn't matter which type of address they give you. All what you need to decide, is if you want encryption, and how strong you want it (eg, AES). Since there is no impact on performances, often organizations decide to encrypt for the peace of mind and that's it.

As a recognition to those providing answers, please rate useful posts using the scrollbox below!

View solution in original post

0 Helpful
3 Replies 3

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame

‎07-29-2007 07:00 AM

Hi,

The 3845 like all ISR router does already have an embedded hardware module for IPsec. The AIM is more for SSL based Vn that are something else.

Anyway, if you are positive that there is no growth and only the wto LAN have to communicate with encryption, I would configure a traditional IPSEC VPN. Else, if you plan to add dranches, etc, I would do a DMVPN using GRE over IPSEC with the "tunnel protection" command. This has the advantage that you can cnahge renumber sites, etc, without touching access-lists and such.

Hope this helps, please rate post if it does!

0 Helpful

Go to solution
gautamzone
Level 1
Level 1
In response to paolo bevilacqua

‎07-29-2007 10:40 AM

Thanks a lot for your helpful response. Just one question here.

I am in for a VPN on a Layer 2 MPLS link whose WAN IP's are private (RFC1918) and are connected to each other through the Service provider cloud. I am not sure if it is sensible doing a VPN on such a link?

Can anybody shed some light on this?

Thanks a lot

Gautam

0 Helpful

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame
In response to gautamzone

‎07-29-2007 10:44 AM

Hi Gautam,

For the VPN to work, doesn't matter which type of address they give you. All what you need to decide, is if you want encryption, and how strong you want it (eg, AES). Since there is no impact on performances, often organizations decide to encrypt for the peace of mind and that's it.

As a recognition to those providing answers, please rate useful posts using the scrollbox below!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card