We are a retail organization, and are planning on using a VPN over the Internet to communicate with our stores. We currently have about 1100 stores across North America. We are planning to use 1720 routers in each store. I'd like some help on a number of aspects of the design:
1: Authentication - shared secrets doesn't seem to scale, but a CA may have administrative overhead. What should we use? What has been done? What lessons can you share?
2: The data center - We are planning on using redundant 3030 VPN concentrators. Is this the best choice? Is it better than 7140s?
3: Acquistion & rollout - How did you stage this volume of routers? How did you ensure the config was accurate? Did you do it remotely?
4: Management - How valuable is Ciscoworks in a space like this? What can it do? Manage authentication? IOS revs? How critical is out of band management?
CAs are very scalable for your situation. 3030s are okay but for 11k clients you might look at the 5000 series instead. Keep the encryption off your 7140s if you can help it. In your environment, a dedicate concentrator is a better plan. That should help a little.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...