GETVPN with ASR 1001 Design Question

Unanswered Question

I've attached a quick visio for reference.  I'm designing a new Layer 2 WAN with 2 ASR routers, 2 3845's and 2 1941's and hoping to get some insight on a few questions. 

Obivously the goal is to follow best practices and have full redundancy on the network.  I know functionality wise I can place the Key servers on the WAN or behind a GM on the LAN, i'm just looking for some insight on what other folks think is the best plan.

My Questions are:

- Since I have a redundant link, should I place my Key servers on the LAN instead of the WAN so there is a secondary path for them to stay in synch if the L2 WAN goes down?

- If I want to encrypt traffic accross the P2P fiber link does it make more sense for the Key Server's to reside on the LAN instead of the WAN?

- If the provider is only handing off 1 ethernet connection at the Core site, and the key server will live on the WAN, how should I handle splitiing this connection to both the ASR and the Key Sever?  Should I use an external switch, or bridge interfaces on the ASR?  Or is this just another good reason to place the key server's on the LAN?

Thanks for the help.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion

Related Content