Implement Site to Site VPN among Head Office and Branches...
I want to implement site-to-site VPN among our Head Office and Branch routers (300 sites). At the Head Office site I have a Cisco 7200 router, and I'm going to terminate the VPN connections on that. At the branches we have Cisco 1841 series routers. They are all capable of working with VPN. At present the 7200 acts as an Easy VPN Server for selected sites (30 sites).
Are there any license limitations on the Cisco 7200 router?
Can I run both site-to-site VPN and Easy VPN Server together?
Are there any other factors I should consider in order to implement this solution?
Your responses using expert knowledge are highly appreciated, because I'm not that familiar with VPN solutions.
I worked with a customer who had over 400 remote sites doing site to site VPN IPSec tunnels to a head end router that was a 7200. So I believe that what you intend to do is quite possible. To help our implementation scale to that number of remotes we did several things:
- We used IPSec with GRE so that we could run a dynamic routing protocol. (We wanted a dynamic routing protocol so that we could implement redundancy, but even if you do not have redundancy, with 300 remote sites that would be a lot of static routes to configure and maintain, so I would suggest a dynamic routing protocol.)
- We used EIGRP as the routing protocol.
- We configured the remote site router as EIGRP stub.
- At the head end we configured a distribute list that would advertise to the remote only a default route. The head end had a large routing table, but at the remote the routing table was quite simple, with only its connected routes and a default route to the head end.
- We were using traditional IPSec with crypto maps, but the new approach using VTI tunnel protection mode gives the same capabilities and simplifies the configuration.
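
The design described in the answer above, sketched for one branch as an added example (not the poster's configuration): a GRE tunnel protected by an IPsec profile instead of a crypto map, EIGRP stub at the branch, and a distribute list at the head end that lets only the default route out. All addresses, interface names, the AS number, the object names and the IKE parameters are assumptions, and the pre-shared key is a placeholder.

```cisco
! ===== Head end (7200): one tunnel per branch, branch 101 shown =====
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PSK-PLACEHOLDER> address 198.51.100.2
crypto ipsec transform-set BRANCH-TS esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec profile BRANCH-PROF
 set transform-set BRANCH-TS
!
interface Tunnel101
 description GRE over IPsec to branch 101
 ip address 10.255.101.1 255.255.255.252
 tunnel source GigabitEthernet0/1
 tunnel destination 198.51.100.2
 tunnel protection ipsec profile BRANCH-PROF
!
! Only 0.0.0.0/0 is advertised to the branch. Assumes a default route is
! already present in EIGRP at the head end.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
router eigrp 100
 network 10.255.0.0 0.0.255.255
 distribute-list prefix DEFAULT-ONLY out Tunnel101
!
! ===== Branch 101 (1841) =====
! Same isakmp policy, transform set and ipsec profile as above;
! the key is bound to the head-end address instead.
crypto isakmp key <PSK-PLACEHOLDER> address 203.0.113.1
!
interface Tunnel0
 ip address 10.255.101.2 255.255.255.252
 tunnel source FastEthernet0/0
 tunnel destination 203.0.113.1
 tunnel protection ipsec profile BRANCH-PROF
!
! Host route keeps the tunnel endpoint reachable via the ISP once the
! default route is learned through the tunnel (avoids recursive routing).
ip route 203.0.113.1 255.255.255.255 198.51.100.1
!
router eigrp 100
 network 10.255.101.0 0.0.0.3
 network 192.168.101.0
 eigrp stub connected
```

With a single shared pre-shared key, the compromise of one branch router exposes the key used by every tunnel, so per-peer keys (as keyed by address here) or certificates are the safer choice at 300 sites.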