Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
403
Views
0
Helpful
6
Replies

IPSec VPN the best one

Go to solution
Mero Cisco
Level 1
Level 1

‎10-30-2013 05:05 AM - edited ‎03-04-2019 09:27 PM

Hi,

I have got a static ip at server side and dynamic at remote side. I want the IPSec VPN, which one is the best? Please provide me the reference of examples.

Regards,

Mero

Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎10-30-2013 07:36 AM

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

DMVPN supports remotes with dynamic IP (using NHRP).

View solution in original post

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to Mero Cisco

‎10-31-2013 10:32 AM

Ok, with that DMVPN is one option, the most up-to-date solution (FlexVPN) is not possible because that is not supported on Gen1 ISRs (1800, 2800, 3800).

Without the need to have spoke-to-spoke traffic and if you don't plan to use that in the future, I would use VTIs on the spokes and DVTIs on the hub. That's quite easy to configure and scales easily to your amout of spokes.

The third option is EasyVPN. But I woudn't use that any more as the combination of VTI/DVTI gives you more flexibility.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎10-30-2013 07:36 AM

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

DMVPN supports remotes with dynamic IP (using NHRP).

0 Helpful

Go to solution
Mero Cisco
Level 1
Level 1
In response to Joseph W. Doherty

‎10-30-2013 08:49 AM

Hi,

Is there any other options beside this one?

Regards,

Mero

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
Jeff Van Houten
Level 5
Level 5
In response to Mero Cisco

‎10-30-2013 06:00 PM

As Joseph indicated DMVPN is the current Cisco recommendation when you have dynamically addressed sites.

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP

‎10-30-2013 10:11 AM

With this little information it's not possible to suggest the best solution for your environment.

1) How many remotes are you talking about?

2) Do you need spoke-2-spoke traffic?

3) Which VPN-devices do you have on the HQ and on the remote-sites?

4) Or are perhaps only talking about remote that need to connect?

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
Mero Cisco
Level 1
Level 1

‎10-31-2013 09:44 AM

Hi,

1. About 10
2. No
3. HQ - 3825, 2900, 1841: remote - 1841, 881
4. Remote to HQ

I want to connect through 3G on remote side.

Regards,


Mero

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to Mero Cisco

‎10-31-2013 10:32 AM

Ok, with that DMVPN is one option, the most up-to-date solution (FlexVPN) is not possible because that is not supported on Gen1 ISRs (1800, 2800, 3800).

Without the need to have spoke-to-spoke traffic and if you don't plan to use that in the future, I would use VTIs on the spokes and DVTIs on the hub. That's quite easy to configure and scales easily to your amout of spokes.

The third option is EasyVPN. But I woudn't use that any more as the combination of VTI/DVTI gives you more flexibility.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card