DMVPN on ASA

Unanswered Question
Aug 3rd, 2009

Hello NetPro,

we have 8 sites with ASA55(>4)X . As per of now they are connected with static vpn tunnels. (full mesh)

As you may imagine more sites - more vpn we need to add to maintain full reachability.

I am looking for something like DMVPN but on ASA devices, or , at least some ideas which can help me ease of maintaining large amount of vpn tunnels.

Any advises will be warmly appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Roman Rodichev Mon, 08/03/2009 - 13:40

DMVPN requires GRE tunneling, and since ASA doesn't support GRE, DMVPN is not possible.

You can use dynamic crypto tunnels which will minimize configuration on the ASA, and allow remote sites connect to the ASA dynamically.

Here's an example:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807ea936.shtml

You can also use ezVPN, which is kind of like dynamic crypto but uses different configuration.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080809222.shtml

Regards,

Roman

Actions

This Discussion