Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Prefered VPN design for OpenView NNM monitoring

I need to select hub-and-spoke VPN technology. There are ~60 spokes (17xx routers) and central site (2x 3725 for redundancy, one ISP).

There is a plan to monitor routers and other equipment with HP OpenView NNM 6.41 (without ET). Also for routers maintenance CiscoWorks RWAN 1.3.

Possible designs:

1. EasyVPN Server configured 3725 on the center (ether HSPR EasyVPN Server, ether route-injection with routing between EazyVPN servers) EasyVPN Remote configured 17xx (ether with one EazyVPN server HSRP address, ether 2 server addresses)

2. Static IPSEC cryptomamp

3. Static IPSEC/GRE

4. Partial/Full DMVPN/mGRE/NHRP Dual Hub implementation with singe DMVPN layout.

***

Currently spoke-to-spoke traffic non-exists, and even there is a plan sometimes to restrict spoke-to-spoke for security. Physical WAN topology allows full-mesh traffic (ISP have big routed WAN, without MPLS). So I want to leave a chances for utilizing spoke-to-spoke traffic flows in future.

I have successful EazyVPN desigs. But I found now that Cisco TAC do not recommend EazyVPN on LAN-to-LAN environments Only for Remote access.

What is better looking design for monitoring via NNM? IPSEC, IPSEC/GRE, EzVPN, mGRE? Any experience? GRE will looks like physical p2p line – that is good. mGRE – one big subnet – not bad. What about EazyVPN?

Does DMVPN support HSRP cluster on HUB router?

P.S. Dear all, I waiting for you opinion.

2 REPLIES
Silver

Re: Prefered VPN design for OpenView NNM monitoring

If you looking for ease of deployment and maintainence, router MC is also a good option. More information is available at http://www.cisco.com/en/US/products/sw/cscowork/ps3994/products_data_sheet09186a00800fcb85.html

New Member

Re: Prefered VPN design for OpenView NNM monitoring

Organization decide to cut some costs and use SDM instead of VMS :)

After long thinkings I decide to use DMVPN with mGRE. mGRE tunell interface subnet looks fine inside NNM 6.41.

213
Views
1
Helpful
2
Replies
CreatePlease to create content