Quick question - VPN on Etherswitch.

Apr 30th, 2010

In a hub and spoke context, I need 4-5 independent IPSec VPNs on the main router.

Can we use Etherswitch ports (cf NME-16-ES-1G-P) on a 2821 or 2851 as VPN ports and route specific traffic through them? Or should I use Ethernet WICs for that?


bgandhi Fri, 04/30/2010 - 05:02

NME-16-ES is a switch module. You will have to configure a VLAN for each L3 interface. The same is true for the 4-port HWIC. You should consider using routed interfaces for this purpose.

jguerreiro Fri, 04/30/2010 - 08:43

Thank you for the information.

What I had in mind when I mentioned HWICs was the GB Ethernet HWIC which, according to the datasheet available, is a "true router port card", IP configurable directly, and one "does not have to configure the port for VLAN trunking as in SVI configurations".

My problem is the number of connections required and how Cisco addresses this. If we could define as many VPN tunnels as ports available on an EtherSwitch, my problem would be solved. If I use HWIC-1GE-SFP I have a limitation given by the number of slots available, which is not too high on a 2800.


bgandhi Fri, 04/30/2010 - 09:10

Why don't you consider a single interface with an ISAKMP profile?

jguerreiro Mon, 05/03/2010 - 04:09

Thanks for the suggestion.

My problem is that the specifications include several independent connections to the internet = several gateways.

Each of these connections ends in a satellite modem ("dedicated" connection). I think I'll need a corresponding number of WAN ports, each to be connected to the inside port of the modem.


bgandhi Mon, 05/03/2010 - 04:17

In such a case, we are left with only 2 options.

1.) HWIC-2FE, 2 nos. are supported, which will give you 4 interfaces

2.) Switch module of 16 ports.



