Specific VPN requirements, need help selecting correct technology

Answered Question
Sep 25th, 2009

I need assistance selecting the correct vpn technology to meet my requirements.

I have a 2801 router that I will be using to terminate the vpn sessions. I will be using 871 series routers for the remote clients. The requirements that make it difficult for me to determine how to configure are:

The 871 routers WAN ip address will be dynamic, so I cant use standard IPSEC lan to lan configuration. The solution needs to allow the connection from any address.

The remote sites will also need to pass traffic between remote sites. I need to allow this because this VPN is going to be used for IP Phones and I want clients at remote sites to be able to call each other.

Some of the solutions I have seen require the remote user to enter a username and password from the CLI on their 871 to bring up the tunnel. If at all possible I dont want this to be a dependency.

I am familiar with cisco routers and can usually make a config work if provided an example, but I dont know enough about the various VPN options to choose the correct solution. Any help is greatly appreciated.


I have this problem too.
0 votes
Correct Answer by Yudong Wu about 7 years 1 month ago

If you need spoke-to-spoke vpn connection as well, you can try DMVPN.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
jeffdanderson Fri, 09/25/2009 - 07:58

Hi kwu2, thanks for the reply.

The remote sites dont need to talk directly to each other, their traffic can flow thru the hub router if that makes for a simplier solution. There is only going to be about 6 sites and the only traffic will be RTP and Skinny from a single phone per location.

Yudong Wu Fri, 09/25/2009 - 08:14

Ok, in that case, you can use dynamic crypto map on Hub router, like the router config in the following link.


Any you need pay attention to those routing and ACL setting on spoke and hub routers, you can refer to the following example.



This Discussion