VPN triangulation.

Discussion in 'Cisco' started by AM, Mar 7, 2005.

  1. AM

    AM Guest

    Is it possible to create 3 "tunnels" having 3 837?
    Something like 3 spokes... each one has 2 configurations to speak with the other 2 837.

    Have you any document or keywords to look for on the web?

    Thanks.

    Alex.
     
    AM, Mar 7, 2005
    #1
    1. Advertising

  2. AM

    RobO Guest

    RobO, Mar 7, 2005
    #2
    1. Advertising

  3. AM

    AM Guest

    RobO wrote:

    > Hi,
    >
    > Depending on your IOS version you could go for MultiPoint GRE over
    > IPSEC.
    > Very scalable and you can go Hub and Spoke design or Spoke to Spoke.
    > Cant give you an IOS version but try here:
    > http://www.cisco.com/pcgi-bin/Suppo...logies:GRE&s=Implementation_and_Configuration
    >
    > Rob
    >

    So do you mean I must create as many Tunnels interface as the spoke are (lerss one) and apply each crypto map to the
    interfaces?

    I always used only one spoke to hub and I didn't configure tunnel interfaces? Is this the only way to build
    triangulation? What do the sequence numbers mean in crypto map policy? I thought to use them for different policies used
    for different spokes
    Thanks a lot.

    Alex.
    P.S.
    I really appreciated your suggestions about PIPEX. Installing router every thing worked fine!
    Thanks again
     
    AM, Mar 7, 2005
    #3
  4. AM

    RobO Guest

    Hi Alex!

    No problem glad to have helped.

    The beauty about Multipoint GRE over IPSEC is that you dont need to
    configure as many tunnels as remote sites.

    So you will have 1 tunnel interface on a main HUB router with
    next-hop-resolution protocol and the spokes also configured with tunnel
    interfaces and NHRP.
    NHRP tells the router what are the remote endpoints of the VPN and sets
    up the IPSEC VPN.
    You can create different crypto map sequences for different networks
    and do spoke to spoke that way but to be honest with Multipoint GRE
    whenever you want to add another router you dont have to touch the main
    HUB router as it is dynamically setup through NHRP and EIGRP.

    Also on mGRE you dont need to specify crypto maps just a common IPSEC
    profile which is bound to the tunnel interface.

    I can send you some config examples that I have for 3 sites using HUB
    AND SPOKE mGRE also called Dynamic Multipoint VPN.
    Dont think I still have your email.

    Hope this helps

    Regards,

    Rob
     
    RobO, Mar 7, 2005
    #4
  5. AM

    AM Guest

    RobO wrote:


    Hi Rob!
    My target is to reach the configuration you described step by step. So I think to build a static
    triangulation even if it is very poor in scalability but just to understand steps needed to do that.
    The next step will be to use mGRE.
    If you has config files you can send them to me at ti.orebil@cam_lxa (reverse it to get the correct
    address)

    Thanks a lot!

    Alex.
     
    AM, Mar 7, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Otto

    VPN over VPN?

    Otto, Jul 18, 2003, in forum: Cisco
    Replies:
    1
    Views:
    3,747
    Walter Roberson
    Jul 18, 2003
  2. Joris Deschacht
    Replies:
    0
    Views:
    4,067
    Joris Deschacht
    Oct 16, 2003
  3. Elise
    Replies:
    6
    Views:
    868
    John Rennie
    May 22, 2004
  4. Frisbee®

    OT: Tuesday Triangulation

    Frisbee®, Nov 22, 2005, in forum: MCSE
    Replies:
    4
    Views:
    425
    TechGeekPro
    Nov 23, 2005
  5. pasatealinux
    Replies:
    1
    Views:
    2,119
    pasatealinux
    Dec 17, 2007
Loading...

Share This Page