Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Scalable IPSec Link Encryption

Hi All,

Sorry if this has been answered before.

I have a design with two hubs and 50 spokes. Each spoke has a link to both hubs (dual telco redundancy).

I must encrypt all the links using IPSec 3des while maintaining OSPF routing. This means that the traditional IPSec, crypto map, ACLs and GRE tunnels become hard to scale and manage.

I've heard of Dynamic Multipoint VPN, Virtual Tunnel Interface (VTI) and even Group Encrypted Transport (GET). Does someone out there know what works best in such a scenario?

Thanks in advance,

Bernard

1 REPLY
Silver

Re: Scalable IPSec Link Encryption

Cisco Easy VPN supports quality of service (QoS) and multicast, but if there is a requirement to support dynamic routing protocols or direct spoke-to-spoke communications, Cisco recommends Dynamic Multipoint VPN (DMVPN) as the preferred site-to-site VPN solution. For more information on DMVPN, please visit: http://www.cisco.com/go/dmvpn

111
Views
0
Helpful
1
Replies