Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > VPN triangulation.

Reply
Thread Tools

VPN triangulation.

 
 
AM
Guest
Posts: n/a
 
      03-07-2005
Is it possible to create 3 "tunnels" having 3 837?
Something like 3 spokes... each one has 2 configurations to speak with the other 2 837.

Have you any document or keywords to look for on the web?

Thanks.

Alex.
 
Reply With Quote
 
 
 
 
RobO
Guest
Posts: n/a
 
      03-07-2005
Hi,

Depending on your IOS version you could go for MultiPoint GRE over
IPSEC.
Very scalable and you can go Hub and Spoke design or Spoke to Spoke.
Cant give you an IOS version but try here:
http://www.cisco.com/pcgi-bin/Suppor..._Configuration

Rob

 
Reply With Quote
 
 
 
 
AM
Guest
Posts: n/a
 
      03-07-2005
RobO wrote:

> Hi,
>
> Depending on your IOS version you could go for MultiPoint GRE over
> IPSEC.
> Very scalable and you can go Hub and Spoke design or Spoke to Spoke.
> Cant give you an IOS version but try here:
> http://www.cisco.com/pcgi-bin/Suppor..._Configuration
>
> Rob
>

So do you mean I must create as many Tunnels interface as the spoke are (lerss one) and apply each crypto map to the
interfaces?

I always used only one spoke to hub and I didn't configure tunnel interfaces? Is this the only way to build
triangulation? What do the sequence numbers mean in crypto map policy? I thought to use them for different policies used
for different spokes
Thanks a lot.

Alex.
P.S.
I really appreciated your suggestions about PIPEX. Installing router every thing worked fine!
Thanks again
 
Reply With Quote
 
RobO
Guest
Posts: n/a
 
      03-07-2005
Hi Alex!

No problem glad to have helped.

The beauty about Multipoint GRE over IPSEC is that you dont need to
configure as many tunnels as remote sites.

So you will have 1 tunnel interface on a main HUB router with
next-hop-resolution protocol and the spokes also configured with tunnel
interfaces and NHRP.
NHRP tells the router what are the remote endpoints of the VPN and sets
up the IPSEC VPN.
You can create different crypto map sequences for different networks
and do spoke to spoke that way but to be honest with Multipoint GRE
whenever you want to add another router you dont have to touch the main
HUB router as it is dynamically setup through NHRP and EIGRP.

Also on mGRE you dont need to specify crypto maps just a common IPSEC
profile which is bound to the tunnel interface.

I can send you some config examples that I have for 3 sites using HUB
AND SPOKE mGRE also called Dynamic Multipoint VPN.
Dont think I still have your email.

Hope this helps

Regards,

Rob

 
Reply With Quote
 
AM
Guest
Posts: n/a
 
      03-07-2005
RobO wrote:


Hi Rob!
My target is to reach the configuration you described step by step. So I think to build a static
triangulation even if it is very poor in scalability but just to understand steps needed to do that.
The next step will be to use mGRE.
If you has config files you can send them to me at ti.orebil@cam_lxa (reverse it to get the correct
address)

Thanks a lot!

Alex.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
VPN site to site & Remote access VPN ( vpn client) over the same interface pasatealinux Cisco 1 12-17-2007 07:41 PM
Cisco vpn server enabled / VPN and no-VPN connections mix Elise Cisco 6 05-22-2004 07:55 AM
Easy VPN Server and Cisco VPN Client 4.0.3 Masud Reza Cisco 2 10-20-2003 06:12 PM
VPN IPSEC connection between a cisco 17xx and Nortel vpn box Joris Deschacht Cisco 0 10-16-2003 02:13 PM
VPN over VPN? Otto Cisco 1 07-18-2003 06:17 PM



Advertisments