Site-to-site VPN with low-overhead needed (ISP offers very limited access)
Is someone able to help me out a bit on this one?
I'm trying to design a site-to-site VPN setup, but my knowledge of VPN's in relation to Cisco equipment limit me a bit.
What I would like to create is a link between two sites (one mobile Cisco router and one in a datacenter). I Need the traffic on the link to be shaped (let's say 3 priority levels) so QoS on both upstream and downstream.
The mobile router can use a number of different connections, which at least should allow "normal" internettraffic (port 443 and 80) and might traverse through a NAT-router. Furthermore it's not possible to say what the linkspeed is, it could be 64Kb/s or 2Mb/s (and when established it might even fluctuate a bit).
What are my options to have two-way QoS on that link? I Thought of using SSL VPN:
- it does not have that much overhead (even works on "slow" links?)
- uses standard port 80 and 443 (no problem with firewalls and routers?)
- tunneling of all data (the mobile user can use any port/application without the current ISP possibly blocking it?)
The only thing is I cannot find anything on site-to-site SSL tunnels, they all seem to be using a webclient or the Cisco client.
Can such an idea be realised, and if yes can it be done with the SSL? I Planned using a 3800-series as colocated router and some 2800-series as mobile router.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :