Hello cisco experts,
I need some help on changing my current configuration to add a Cisco 2821 for a site-to-site VPN architecture. I'll attempt to explain this as well as I can.
My current setup is a core 6509E that I have all my access layer devices and servers connected to. The default IP route specifies the next hop as our Nokia/Checkpoint firewall. All traffic goes through the firewall and either returns to the core for internal routing/switching, or, for external traffic, goes out the internet link, which is an ISP we use. We do not have a public IP due to the dictation that we use this ISP without any choice.
So, traffic goes from our core 6509E to a Nokia/Checkpoint and then to our ISP as the default gateway. The Nokias are currently performing the VPN portion for traffic going to a sister site.
We are going to be swapping out the Nokias for Juniper firewalls and I need to figure out how to implement the Cisco 2821s to handle the VPN traffic. I was thinking of making a route statement to send all traffic destined for the sister site IP to the Cisco 2821 to perform the IPsec VPN and then send it back through the core.
ANY suggestions are welcome.
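The routing-plus-crypto-map arrangement sketched in the post, written out as an added IOS example (not the poster's configuration). All addresses, names and the peer are placeholders; it assumes the 2821's outside interface sits on a private segment behind the Juniper, which NATs it to the ISP address and permits UDP/500, UDP/4500 and ESP to and from the sister-site peer.

```cisco
! --- Core 6509E: only the sister-site prefix is steered to the 2821 ---
! (placeholder: 10.20.0.0/16 = sister site LANs, 10.1.1.2 = 2821 inside)
ip route 10.20.0.0 255.255.0.0 10.1.1.2
! everything else keeps going to the firewall as today
ip route 0.0.0.0 0.0.0.0 10.0.0.1

! --- Cisco 2821 ---
! Phase 1: AES-256, pre-shared key, DH group 14 (placeholder peer/key)
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.10

! Phase 2 proposal
crypto ipsec transform-set SISTER-TS esp-aes 256 esp-sha256-hmac
 mode tunnel

! Interesting traffic: local LANs (10.10.0.0/16) <-> sister site (10.20.0.0/16)
ip access-list extended VPN-TRAFFIC
 permit ip 10.10.0.0 0.0.255.255 10.20.0.0 0.0.255.255

crypto map SISTER-MAP 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set SISTER-TS
 match address VPN-TRAFFIC

interface GigabitEthernet0/0
 description Inside - toward core 6509E
 ip address 10.1.1.2 255.255.255.0
interface GigabitEthernet0/1
 description Outside - private segment toward Juniper (firewall NATs to ISP)
 ip address 192.168.100.2 255.255.255.0
 crypto map SISTER-MAP

! Decrypted traffic for the local LANs goes back to the core;
! the encrypted tunnel reaches the peer via the firewall.
ip route 10.10.0.0 255.255.0.0 10.1.1.1
ip route 0.0.0.0 0.0.0.0 192.168.100.1
```

Verify with `show crypto isakmp sa` and `show crypto ipsec sa` on the 2821, and confirm the firewall is not also trying to build the same tunnel once the Nokias are gone.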