Cisco Support Community
New Member

EZvpn compared to lan to lan

I have a hub-and-spoke environment using PIXes as VPN tunnel endpoints, where I would be adding spokes dynamically. I cannot afford any downtime for the existing VPN tunnels. With LAN-to-LAN, whenever I add new sites I have to reapply the crypto map on the interface, which will bring all my tunnels down.

I was thinking of using EzVPN in network extension mode to overcome this problem.

When I add sites dynamically, all I have to do is add a new vpngroup with split tunnelling. I don't think I have to remove the crypto map on the interface and reapply it. Can anyone confirm?

2 REPLIES
New Member

Re: EZvpn compared to lan to lan

Easy VPN is a perfect solution, but only if you have one subnet per site. I have implemented a PIX Easy VPN solution with about 30 PIXes 6.2.x (spokes). One in the center.

Possible problems:

Easy VPN can announce only one protected subnet, for dynamic crypto maps.

The central PIX does not allow spoke-to-spoke traffic to be routed through the central PIX Easy VPN Server. This is a PIX restriction by design. So I placed an IOS router at the center.

Half a year - no calls from the customer.

New Member

Re: EZvpn compared to lan to lan

edited post..........

I think EzVPN is the best solution under your circumstances.

"I have a hub-and-spoke environment using PIXes as VPN tunnel endpoints, where I would be adding spokes dynamically"

I was going to suggest using Dynamic Multipoint VPN, but I reread your post (you are running PIXes as tunnel endpoints).
