Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

VPN between 2 3845 HSEC routers

Hi friends,

I have 2 Cisco 3845 HSEC routers with AIM-VPN-SSL3 modules in them. One router has been installed in a data center and the other router has been installed in the HQ. The DC and the HQ have been connected by a 4 Mb MPLS link.

Since these routers have an AIM module, i am contemplating on setting up VPN between these routers. Which VPN is recommended in this setup? A site to site VPN or an Easy VPN or a Get VPN or some other option?

Please suggest

Thanks a lot

Gautam

Note: Have posted this same question in Security -->General as it was even relevant there.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Gold

Re: VPN between 2 3845 HSEC routers

Hi Gautam,

For the VPN to work, doesn't matter which type of address they give you. All what you need to decide, is if you want encryption, and how strong you want it (eg, AES). Since there is no impact on performances, often organizations decide to encrypt for the peace of mind and that's it.

As a recognition to those providing answers, please rate useful posts using the scrollbox below!

3 REPLIES
Hall of Fame Super Gold

Re: VPN between 2 3845 HSEC routers

Hi,

The 3845 like all ISR router does already have an embedded hardware module for IPsec. The AIM is more for SSL based Vn that are something else.

Anyway, if you are positive that there is no growth and only the wto LAN have to communicate with encryption, I would configure a traditional IPSEC VPN. Else, if you plan to add dranches, etc, I would do a DMVPN using GRE over IPSEC with the "tunnel protection" command. This has the advantage that you can cnahge renumber sites, etc, without touching access-lists and such.

Hope this helps, please rate post if it does!

New Member

Re: VPN between 2 3845 HSEC routers

Thanks a lot for your helpful response. Just one question here.

I am in for a VPN on a Layer 2 MPLS link whose WAN IP's are private (RFC1918) and are connected to each other through the Service provider cloud. I am not sure if it is sensible doing a VPN on such a link?

Can anybody shed some light on this?

Thanks a lot

Gautam

Hall of Fame Super Gold

Re: VPN between 2 3845 HSEC routers

Hi Gautam,

For the VPN to work, doesn't matter which type of address they give you. All what you need to decide, is if you want encryption, and how strong you want it (eg, AES). Since there is no impact on performances, often organizations decide to encrypt for the peace of mind and that's it.

As a recognition to those providing answers, please rate useful posts using the scrollbox below!

131
Views
0
Helpful
3
Replies
CreatePlease to create content