Cisco Support Community
Community Member

GETVPN with ASR 1001 Design Question

I've attached a quick Visio for reference. I'm designing a new Layer 2 WAN with 2 ASR routers, 2 3845s and 2 1941s and hoping to get some insight on a few questions.

Obviously the goal is to follow best practices and have full redundancy on the network. I know functionality-wise I can place the Key Servers on the WAN or behind a GM on the LAN; I'm just looking for some insight on what other folks think is the best plan.

My Questions are:

- Since I have a redundant link, should I place my Key servers on the LAN instead of the WAN so there is a secondary path for them to stay in synch if the L2 WAN goes down?

- If I want to encrypt traffic across the P2P fiber link, does it make more sense for the Key Servers to reside on the LAN instead of the WAN?

- If the provider is only handing off 1 Ethernet connection at the Core site, and the Key Server will live on the WAN, how should I handle splitting this connection to both the ASR and the Key Server? Should I use an external switch, or bridge interfaces on the ASR? Or is this just another good reason to place the Key Servers on the LAN?

Thanks for the help.
