Cisco Support Community

New Member

Design Suggestions

I am looking at redoing our current WAN design. Right now we have VPN connections from PIX boxes to each location. As you can imagine it is very messy trying to configure tunnels to each location.

I am looking for the best solution that would help me not only configure my current sites but expand very easily as we grow. My biggest issue is that each site can have anywhere from 2 subnets to 5. So we have a lot of different IP addresses to pass to each location.

I was looking at GRE tunneling and am a bit confused as to how it will work. Will I still need to define access lists at each location for each subnet? If so, I am not sure what I gain by going that route besides some failover options.

If so, is there a better way of connecting remote sites between routers?

Thanks!

6 REPLIES
Hall of Fame Super Bronze

Re: Design Suggestions

Perhaps something like DMVPN can help?

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html

Have a read and let us know.

New Member

Re: Design Suggestions

Thanks.

I have looked at DMVPN but I was hoping to avoid using PIX boxes for the connections.

Hall of Fame Super Bronze

Re: Design Suggestions

You don't need PIX for DMVPN, you can implement it with IOS Routers.

Hall of Fame Super Gold

Re: Design Suggestions

Agree with Edison, DMVPN is the next big thing. We are beginning some deployment and it looks real nice so far.

New Member

Re: Design Suggestions

Thanks again.

Can I assume we can do a spoke and hub config and avoid full meshing for all sites to communicate?

Also, I assume it requires configuring tunnels for each and every subnet to each location?

Thanks!

Hall of Fame Super Gold

Re: Design Suggestions

No, you don't need to configure each subnet at tunnel level. You will use a routing protocol of your choice, and all the remote subnets will be announced and reachable from the hub site without additional configuration.
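
To illustrate the last reply, here is a hub-and-spoke DMVPN sketch on IOS routers. It is an added example, not a configuration posted by anyone in this thread. The addresses, interface names, profile names, the pre-shared key placeholder and the choice of EIGRP AS 100 as the routing protocol are all assumptions.

```cisco
! Constructed example: all addresses, names and the AS number are assumptions.
! --- Crypto, identical on the hub and every spoke ---
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 14
! Wildcard peer because spoke addresses may be dynamic; key is a placeholder.
crypto isakmp key <PRE-SHARED-KEY> address 0.0.0.0 0.0.0.0
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
! --- Hub (assumed public address 192.0.2.1, LAN subnets in 10.1.0.0/16) ---
interface Tunnel0
 ip address 10.255.0.1 255.255.255.0
 ip nhrp network-id 1
 ip nhrp map multicast dynamic
 ! Let routes learned from one spoke be advertised to the others.
 no ip split-horizon eigrp 100
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1
 ! The profile encrypts the GRE tunnel itself: no per-subnet crypto ACL.
 tunnel protection ipsec profile DMVPN-PROF
router eigrp 100
 network 10.255.0.0 0.0.0.255
 network 10.1.0.0 0.0.255.255
 no auto-summary
!
! --- Spoke 1 (LAN subnets in 10.11.0.0/16) ---
interface Tunnel0
 ip address 10.255.0.11 255.255.255.0
 ip nhrp network-id 1
 ip nhrp map 10.255.0.1 192.0.2.1
 ip nhrp map multicast 192.0.2.1
 ip nhrp nhs 10.255.0.1
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile DMVPN-PROF
router eigrp 100
 network 10.255.0.0 0.0.0.255
 ! One statement covers the site's 2 to 5 subnets; new ones are announced.
 network 10.11.0.0 0.0.255.255
 no auto-summary
```

Because the wildcard pre-shared key is accepted from any peer address, it is the weakest part of this sketch; certificate-based IKE authentication avoids sharing one secret across every site.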
