I am planning on making our small offic vpn solution more redundant by adding a second hub router to our DMVPN solution. There are about 100 spoke routers, and there will be 2 hub routers, both located in one of our datacenters.
I have some questions around the detailed config for this (we will use EIGRP routing protocol).
Most important question is weither or not to use ISAKMP profiles with the crypto keyring commands for the pre-shared keys, or just choosing different tunnel-id, different subnet and tunnel key for each tunnel (each spoke will have two tunnel configs ofcourse).
What are the pros and cons of crypto keyring, when to use it?
Second question is about EIGRP over DMVPN (in case of two hub routers). What is the best way to force trafic to prefer one hub router as the main path?
ehm, that would not adhere to the DMVPN solution. Or do you mean the preshared keys for IPSec? In that I agree it would be better to have PKI but since there is only 100 spokes at this point this is not considered an issue for now.
What I need to know s when is it needed to use crypto keyring for DMVPN solution. Anybody who can shine a light there?
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...