Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Full Mesh IP Sec question

Need to do a fully meshed IPsec scheme among 5 sites

(probably with a pix) all sites have their own connection to the internet, and some form of NAT going on. All the unregistered addresses (inside)

are the same for each site. Using the sample

at www.cisco.com/warp/customer/110/pixmeshed.html

I'm wondering if i need to convince the customer

to modify their inside addresses to be site unique.

2 REPLIES
New Member

Re: Full Mesh IP Sec question

Not only should they be unique at each site but they should also follow rfc1918 http://www.ietf.org/rfc/rfc1918.txt You can probably get by with some strange NAT setup but things can get very confusing and difficult to scale long-term.

Hope This Helps!

New Member

Re: Full Mesh IP Sec question

Cisco's answer for fully meshed VPNs is to use MPLS, which really isn't VPN at all. It looks like a great solution, but not all ISPs support it and those that do charge more for the connection.

125
Views
0
Helpful
2
Replies