Ok, just wondering what is the suggest route to fix my problem.
I am looking to create a network that has one central site and 13 branches which connect to the central site via VPN, will a PIX route packets from one branch to another branch if all of the VPNs are connected to the central site?
Any router will support VPN's if you have the right IOS image on it. Whether or not you go for a VPN-specific router probably depends on how much traffic you think you're going to be sending. HW encryption cards do all the encryption in HW rather than on the router CPU, so they free up the router to do other things.
The main thing you'll need to look at is do you want to do encryption in HW or in SW. There's no exact figure that says if you send more than "x" packets over the tunnels then you need to use HW encryption, it's more a case of estimating the encryption load and making the decision yourself. you can always try it in SW and monitor your CPU util, if it gets high and the encryption process is using most of it, then go for a HW card solution. Probably max out the router with memory also cause this always helps.
In short though, you can use any router for this purpose, just make sure it has the grunt to do what you want it to do.
Would this allow hosts on each spoke to communicate with hosts on another spoke? i.e. Site B is the hub site, Sites A and C are spokes off Site B. Would a host on Site A be able to communicate with a host in Site C? Hope I asked this as clearly as possible.
You asked it fairly clearly. Yes if you have a router at the hub site B terminating IPSec tunnels from remote sites A and C, then the remote sites can communicate with each other.
I am currently working on a project for a customer where we have almost 80 remote sites sending IPSec to a router at the central site (actually it is to redundant routers at the central site for failover capability). It is very important to this customer that the remote sites be able to communicate with each other. This solution of IPSec terminated on a router(s) at the hub is very effectively providing that ability of remote sites to communicate with each other.
Thanks for answering that! We have the same needs as well. Would you happen to have a couple sample configs for each end? I know how to configure VPN on PIX firewalls but have never done so on a router.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :