I need to select a hub-and-spoke VPN technology. There are ~60 spokes (17xx routers) and a central site (2x 3725 for redundancy, one ISP).
There is a plan to monitor routers and other equipment with HP OpenView NNM 6.41 (without ET). Also, CiscoWorks RWAN 1.3 for router maintenance.
1. EasyVPN Server configured on the 3725 at the center (either HSRP EasyVPN Server, or route injection with routing between EasyVPN servers); EasyVPN Remote configured on the 17xx (either with one EasyVPN server HSRP address, or 2 server addresses)
2. Static IPSEC crypto map
3. Static IPSEC/GRE
4. Partial/Full DMVPN/mGRE/NHRP Dual Hub implementation with single DMVPN layout.
Currently spoke-to-spoke traffic does not exist, and there is even a plan to sometimes restrict spoke-to-spoke for security. The physical WAN topology allows full-mesh traffic (the ISP has a big routed WAN, without MPLS). So I want to leave a chance for utilizing spoke-to-spoke traffic flows in the future.
I have successful EasyVPN designs. But I have now found that Cisco TAC does not recommend EasyVPN in LAN-to-LAN environments, only for remote access.
Which design looks better for monitoring via NNM? IPSEC, IPSEC/GRE, EzVPN, mGRE? Any experience? GRE will look like a physical p2p line, which is good. mGRE is one big subnet, not bad. What about EasyVPN?