03-27-2008 02:10 PM - edited 02-21-2020 03:38 PM
I am planning for DMVPN deployment where the hub router is going to be directly connected to the Internet while spokes will reside behind firewalls (PIX 501s). I would like spokes to do just the multipoint GRE and offload encryption to firewalls. The hub router will terminate both mGRE and IPSec. Will it work?
I don't care much for spoke to spoke connectivity.
03-28-2008 08:27 AM
I can't see any reason why this wouldn't work. I havn't done specific DMVPN though PIXs, but I have done just site-specific GRE though PIXs and didn't have a problem with it.
03-28-2008 08:37 AM
In your scenario was PIX encrypting the GRE traffic, or it was just passing traffic that was alread encrypted by the internal router?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide