I have a requirement for Guest Internet access for the visitors. Persently we have deployed a Global Headend router which has the infra for Guest user DNS and AAA servers connected with it.
Also for other countries we have the Local Headend router and tailend routers.
Prsently we have created 2 VPN tunnel interfaces on the tailend routers. One will connect to local headend & other will connect to global headend.
We have created the offset list to filter only DNS and AAA traffic to global headend and after successful authentication the internet traffic will pass through Local headend.
Now we have come across a situation for deploying tailend routers which is large numbers in size. I have got an idea instead of having the vpn tunnel pointed between tailend routers to global headend router. We can have 1 tunnel created on Local headend and Global headend and all tailend will have only one vpn tunnel pointed to only Local headend. But i need to configure Local headend to forward the AAA and DNS traffic for all the requests come from tailend routers. DNS and AAA traffic should go from one tunnel to other.
i.e. Tailend <------- GRE Tunnel -------->Local Headend <--------- GRE Tunnel ----------->Global Headend
I have attached the diagram of my requirement.
If i make like the proposed design (Attached ). We can avoid creating multiple tunnels in the infra. 1 master tunnel between Local head end and Global Headend will server DNS and AAA for all the tailends connected to the Local headend.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :