Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco IOS CA and DMVPN

I am looking to rollout DMVPN solution using Cisco IOS CA and I have a few questions that I really haven't been able to answer to my satisfaction by reading the documentation. I was curious as to how well the Cisco IOS CA scales. I am looking at having approximately 200 spokes down the road. I would be storing the certificates in flash rather than nvram so there is plenty of room. Also, the whole point of DMVPN is to have a resilent hub and spoke design. In this case eventually three hubs for all the spokes. It doesn't appear possible to me to have each spoke router enroll with each DMVPN router acting as its own CA. From what I read there can only be one CA. Is that correct, or am I missing something. If you can only have one CA then it really doesn't seem to make much sense to leverage the Ciso IOS CA in this situation as I would need the spokes to authenticate to each router with a common certificate which points to an off router solution. Does this sound correct. Thanks in advance for any help you may be able to provide.

CreatePlease to create content