Full Mesh IP Sec question

millerv
Level 1

Need to do a fully meshed IPsec scheme among 5 sites (probably with a PIX). All sites have their own connection to the Internet, and some form of NAT going on. All the unregistered addresses (inside) are the same for each site. Using the sample at www.cisco.com/warp/customer/110/pixmeshed.html, I'm wondering if I need to convince the customer to modify their inside addresses to be site unique.

2 Replies

k.poplitz
Level 3

Not only should they be unique at each site, but they should also follow RFC 1918 (http://www.ietf.org/rfc/rfc1918.txt). You can probably get by with some strange NAT setup, but things can get very confusing and difficult to scale long-term.

Hope This Helps!
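The check suggested in the reply above (site-unique, RFC 1918 inside networks), as an added example that is not part of the original thread: it audits an address plan before the mesh is built and lists the per-pair traffic selectors. The site names and both sample plans are constructed, and IPv4 is assumed.

```python
import ipaddress
from itertools import combinations

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(b)
           for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(net):
    """True if the IPv4 network lies entirely inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)

def audit_mesh(sites):
    """sites maps a site name to its inside CIDR (IPv4).
    Returns (problems, tunnels); tunnels holds one
    (site_a, net_a, site_b, net_b) selector pair for every pair of
    sites whose inside networks do not collide."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    problems = [f"{name}: {net} is not RFC 1918 space"
                for name, net in nets.items() if not is_rfc1918(net)]
    tunnels = []
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            # Same or overlapping selectors: the peer's hosts look local,
            # so there is no distinct "interesting traffic" to encrypt.
            problems.append(f"{a} <-> {b}: {net_a} overlaps {net_b}")
        else:
            tunnels.append((a, str(net_a), b, str(net_b)))
    return problems, tunnels

# Constructed sample plans (hypothetical, not taken from the thread).
SAME_PLAN = {f"site{i}": "192.168.1.0/24" for i in range(1, 6)}
UNIQUE_PLAN = {f"site{i}": f"10.{i}.0.0/24" for i in range(1, 6)}

if __name__ == "__main__":
    for label, plan in (("same inside net", SAME_PLAN),
                        ("unique inside nets", UNIQUE_PLAN)):
        problems, tunnels = audit_mesh(plan)
        print(f"{label}: {len(tunnels)} usable tunnels, "
              f"{len(problems)} problems")
        for p in problems:
            print("  ", p)
```

With five sites a full mesh needs ten site pairs; the identical-addressing plan fails on every one of them, while the unique plan yields ten clean selector pairs.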

0sgruttadauria
Level 1

Cisco's answer for fully meshed VPNs is to use MPLS, which really isn't a VPN at all. It looks like a great solution, but not all ISPs support it, and those that do charge more for the connection.