Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
545
Views
0
Helpful
5
Replies

Site to site VPN question

jdamone
Level 1
Level 1

‎02-09-2009 02:39 PM - edited ‎02-21-2020 03:16 AM

At headquarters we have 2 routers. We have a corporate router connecting 10 sites via a public MPLS network for core services. Any traffic not destined for any of our sites gets routed to our internet router.

We'd like to take a site off of our public MPLS network, and set up a site-to-site VPN. We already have a Cisco 3000 concentrator that is used for remote access VPN.

My concern is the core traffic for this site is configured to go to the corporate router.

How do we get the core traffic to go through the internet router and VPN tunnel, and not the corporate router and MPLS network?

0 Helpful
5 Replies 5

dominic.caron
Level 5
Level 5

‎02-12-2009 12:03 PM

For starters, dont use the 3000. Not a good box for doing L2L vpn.

How is your routing designed in work network?

0 Helpful

jdamone
Level 1
Level 1
In response to dominic.caron

‎02-12-2009 12:08 PM

What kind of problems do you know about the 3000? It seems to do Remote Access VPN pretty good.

We're running all static routes. I thought about this and I think all I need to do is point the static route to the internet router and VPN cloud.

Thanks

0 Helpful

dominic.caron
Level 5
Level 5
In response to jdamone

‎02-12-2009 12:26 PM

The 3000 is not good at managing route and it's EOL.

For the routing part, it you use static route in your network, just point it at your vpn gateway.

0 Helpful

jdamone
Level 1
Level 1
In response to dominic.caron

‎02-12-2009 01:25 PM

I don't quite understand specifically what you mean by managing routes. We don't plan on implementing too many VPN's, maybe 3 or 4 at the most.

0 Helpful

cisco24x7
Level 6
Level 6
In response to jdamone

‎02-12-2009 02:00 PM

"For starters, dont use the 3000. Not a good box for doing L2L vpn."

Where did you come up with this reason?

I've done lot of VPN configurations on

many vendors such as Juniper, Checkpoint

and Cisco and I can say that the VPN

concentrator is an excellent device, very

easy to manage and configure. You can

even run dynamic routing protocol on the

VPNc. VPNc is a much better device than

the ASA in term of VPN, IMHO. Granted,

if you have complex VPNs with GRE, then

IOS router is the way to go but VPNc

will do just fine here, especially when

you only have a few tunnels to deal with.

Managing routes on VPNc is almost the

same as IOS routers.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card