hub and spoke vpn between ios routers with dynamic ip spokes

Unanswered Question
Feb 21st, 2010

Hi,

we are looking at a hub-spoke ipsec implementation were the spokes will be issued with dynamic ips. The hub and spokes will be IOS routers. If we use a wildcard pre-shared key can the spoke routers be configured as xauth clients? What other options would be available to enhance the security in this scenario?

danke

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Lei Tian Sun, 02/21/2010 - 18:16

Hi Danke,

Both EZVPN and DMVPN can support dynamic IP on spoke. Check the configuration example

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps6659/prod_white_paper0900aecd80313bdb.pdf

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml#dualhubsingle

I prefer DMVPN, because it supports routing, spoke to spoke communication, multicast.

HTH,

Lei Tian

Actions

This Discussion