Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
472
Views
0
Helpful
1
Replies

Scalable IPSec Link Encryption

bernardwanyama
Level 1
Level 1

‎06-05-2007 07:53 AM - edited ‎02-21-2020 03:05 PM

Hi All,

Sorry if this has been answered before.

I have a design with two hubs and 50 spokes. Each spoke has a link to both hubs (dual telco redundancy).

I must encrypt all the links using IPSec 3des while maintaining OSPF routing. This means that the traditional IPSec, crypto map, ACLs and GRE tunnels become hard to scale and manage.

I've heard of Dynamic Multipoint VPN, Virtual Tunnel Interface (VTI) and even Group Encrypted Transport (GET). Does someone out there know what works best in such a scenario?

Thanks in advance,

Bernard

Labels:
0 Helpful
1 Reply 1

smahbub
Level 6
Level 6

‎06-12-2007 05:57 AM

Cisco Easy VPN supports quality of service (QoS) and multicast, but if there is a requirement to support dynamic routing protocols or direct spoke-to-spoke communications, Cisco recommends Dynamic Multipoint VPN (DMVPN) as the preferred site-to-site VPN solution. For more information on DMVPN, please visit: http://www.cisco.com/go/dmvpn

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents