I'm currently working for an organization that has over 80 sites worldwide. They are currently using WatchGuard Fireboxes with IPSec tunnels configured between each other in a kind of partial-mesh topology.
I've been reading up on DMVPNs and am in the process of putting together a proposal.
Key benefits being dynamic spoke-spoke tunnels (for VoIP and video), multicast support and ease of management; however, I have a few questions.
Firstly, I would like to separate the function of firewalling and VPN devices, so am considering creating a VPN DMZ at the hub site off of the firewalls. However, at the remote sites, some of which are less than 50 users, would it be advisable to use the DMVPN router as a firewall also? How will this affect its performance, or do we need to implement an ASA at each location as well? Is the Cisco IOS Firewall as good as a PIX?
What are people's experiences with DMVPNs in general?
Thanks in advance