Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Implement Site to Site VPN among Head Office and Branches...

hi all,

I want to implement site to site vpn among our Head Office and Barnch routers (300 Sites).Head Office Site I have a cisco 7200 Router Im going to terminate the VPN conection on that.Branches we are having cisco 1841 series routers. They all are capable of working with VPN.In the present it is act like a EazyVPN Server for selected sites(30 sites).

Is there any license limitations in Cisco 7200 Router ?

Can I run both Site to site VPN and Eazy VPN Server together ?

Is there any other factors what should I consider in order to implement this solution ?

You responses using expertise knowledge highly appreciate. Because Im not that much familiar with VPN solutions.


  • WAN Routing and Switching
Hall of Fame Super Silver

Implement Site to Site VPN among Head Office and Branches...

here is a link from Cisco that discusses using both Cisco Easy VPN and IPSec tunnel VPN on the same router.

I worked with a customer who had over 400 remote sites doing site to site VPN IPSec tunnels to a head end router that was a 7200. So I believe that what you intend to do is quite possible. To help our implementation scale to that number of remotes we did several things:

- we used IPSec with GRE so that we could run a dynamic routing protocol. (We wanted a dynamic routing protocol so that we could implement redundancy. but even if you do not have redundancy with 300 remote sites that would be a lot of static routes to configure and maintain. so I would suggest a dynamic routing protocol)

- we used EIGRP as the routing protocol.

- we configured the remote site router as eigrp stub.

- at the head end we configured a distribute list that would advertise to the remote only a default route. The head end had a large routing table, but at the remote the routing table was quite simple with only its connected routes and a default route to the head end.

- we were using traditional IPSec with crypto maps but the new approach using VTI tunnel protection mode gives the same capabilities and simplifies the configuration.