Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

non-MPLS vpns

Hi

How can i setup VPN between three site of a company without using MPLS/VPN? what are my other options if my backbone routers doesnt support MPLS?

Thanks in advance

1 ACCEPTED SOLUTION

Accepted Solutions

Re: non-MPLS vpns

Hello,

the classical approach would be to use GRE with or without IPSec. Create a GRE tunnel interface from each CE to each other CE and enable the customer IGP on the tunnel interface. Given that there are only 3 CE routers this seems to be the easiest approach.

You can also use DMVPN with dynamic routing in case the number of CE routers is increased. Have a look at "Dynamic Multipoint VPN (DMVPN)"

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455c71.html

or "Understanding GRE with DMVPN"

http://www.cisco.com/en/US/products/sw/cscowork/ps3994/products_user_guide_chapter09186a00801f5966.html#wp1323409

Hope this helps! Please rate all posts.

Regards, Martin

6 REPLIES
Cisco Employee

Re: non-MPLS vpns

You can run MPLS VPN over L2TPv3 instead of MPLS.

For more information please refer to te following URL:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a0080227c91.html

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Community Member

Re: non-MPLS vpns

Hi

Thanks for your reply. I checked that page but my ios doest have a command in tunnel interface tunnel mode l3vpn l2tpv3 multipoint and in route-map set ip next-hop "in-vrf". So i think i am not able to forward tagged packets. Are there any other way? I see that there is address-family vpnv4 in BGP, can i do somethink with this or any other method?

Cisco Employee

Re: non-MPLS vpns

Deniz,

The solution you can use depends on the IOS you are using and also on your topology. Can you give us more detail.

Thanks,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Community Member

Re: non-MPLS vpns

I have the following topology:

CE1--7513--7513---CE2

|

3660----CE3

IOS images: c3660-ik9s-mz.122-8.T5.bin

rsp-isv-mz.122-17.bin

CE1,CE2,CE3 are simply IP ios customer routers.

Thanks..

Community Member

Re: non-MPLS vpns

3660 is connected to first 7513 actually not to CE1, drawing did'nt work sorry.

Re: non-MPLS vpns

Hello,

the classical approach would be to use GRE with or without IPSec. Create a GRE tunnel interface from each CE to each other CE and enable the customer IGP on the tunnel interface. Given that there are only 3 CE routers this seems to be the easiest approach.

You can also use DMVPN with dynamic routing in case the number of CE routers is increased. Have a look at "Dynamic Multipoint VPN (DMVPN)"

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455c71.html

or "Understanding GRE with DMVPN"

http://www.cisco.com/en/US/products/sw/cscowork/ps3994/products_user_guide_chapter09186a00801f5966.html#wp1323409

Hope this helps! Please rate all posts.

Regards, Martin

139
Views
0
Helpful
6
Replies
CreatePlease to create content