Site to site VPN question

At headquarters we have 2 routers. We have a corporate router connecting 10 sites via a public MPLS network for core services. Any traffic not destined for any of our sites gets routed to our internet router.

We'd like to take a site off of our public MPLS network, and set up a site-to-site VPN. We already have a Cisco 3000 concentrator that is used for remote access VPN.

My concern is the core traffic for this site is configured to go to the corporate router.

How do we get the core traffic to go through the internet router and VPN tunnel, and not the corporate router and MPLS network?

dominic.caron Thu, 02/12/2009 - 12:03

For starters, don't use the 3000. Not a good box for doing L2L VPN.

How is your routing designed in your work network?

dominic.caron Thu, 02/12/2009 - 12:26

The 3000 is not good at managing routes and it's EOL.

For the routing part, if you use static routes in your network, just point them at your VPN gateway.
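
An added example, not part of the original thread or any poster's configuration: a longest-prefix-match model of the headquarters corporate router, showing that a static route for the moved site's prefix toward the VPN gateway takes that traffic off the MPLS path, and that a leftover more-specific MPLS route would still win. All prefixes and next-hop names are constructed assumptions.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: (prefix, next_hop) of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in routes]
    matches = [(n, nh) for n, nh in nets if addr in n]
    if not matches:
        return None
    net, nh = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), nh

def migrate(routes, site_prefix, vpn_gateway):
    """Swap the site's route for a static route pointing at the VPN gateway."""
    kept = [(p, nh) for p, nh in routes if p != site_prefix]
    return kept + [(site_prefix, vpn_gateway)]

def leaks(routes, site_prefix, vpn_gateway):
    """Routes inside the site prefix that are more specific and bypass the VPN gateway."""
    site = ipaddress.ip_network(site_prefix)
    found = []
    for p, nh in routes:
        net = ipaddress.ip_network(p)
        if net != site and net.subnet_of(site) and nh != vpn_gateway:
            found.append((p, nh))
    return found

# Constructed routing table (assumed addressing, not from the thread).
SITE = "10.7.0.0/16"                      # the site leaving MPLS
BEFORE = [
    ("0.0.0.0/0", "internet-router"),     # anything not destined for a site
    ("10.0.0.0/8", "mpls"),               # summary covering the MPLS sites
    (SITE, "mpls"),
]
AFTER = migrate(BEFORE, SITE, "vpn-gateway")
# A /24 left behind from the MPLS days still beats the new /16 static route.
STALE = AFTER + [("10.7.3.0/24", "mpls")]

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER), ("stale", STALE)):
        print(name, next_hop(table, "10.7.3.20"), leaks(table, SITE, "vpn-gateway"))
```
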

cisco24x7 Thu, 02/12/2009 - 14:00

"For starters, don't use the 3000. Not a good box for doing L2L VPN."

Where did you come up with this reason?

I've done a lot of VPN configurations on many vendors such as Juniper, Checkpoint and Cisco and I can say that the VPN concentrator is an excellent device, very easy to manage and configure. You can even run a dynamic routing protocol on the VPNc. VPNc is a much better device than the ASA in terms of VPN, IMHO. Granted, if you have complex VPNs with GRE, then an IOS router is the way to go but VPNc will do just fine here, especially when you only have a few tunnels to deal with.

Managing routes on VPNc is almost the same as IOS routers.

