Cisco Systems setting up multiple (20 +) offices using 1720s and one 3030

Bookmark this page:  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
setting up multiple (20 +) offices using 1720s and one 3030 Joe 04-14-06
Posted by Joe on April 14, 2006, 5:09 pm
Please log in for more thread options
2 points
1) Can I setup a tunnel to the main office from all the sub offices and
route the traffic through a core router instead of setting up a 20
office vpn cloud.

2) I'm looking at using easy vpn (EZ or easy). Any
thoughts/experiences?

This is all stemming from wanting to centralize configuration changes.
Currently all sub offices have full access lists defining all other
offices. Makes for a headache when downsizing the business, or
expanding if you glass is half full.

Joe
Back Up Network admin.


Posted by Walter Roberson on April 14, 2006, 6:18 pm
Please log in for more thread options
>2 points
>1) Can I setup a tunnel to the main office from all the sub offices and
>route the traffic through a core router instead of setting up a 20
>office vpn cloud.

>2) I'm looking at using easy vpn (EZ or easy). Any
>thoughts/experiences?

>This is all stemming from wanting to centralize configuration changes.

It sounds to me as if the newish "DMVPN" feature might be just
what you are looking for. I have not, though, checked to see if
it is supported on the 1720s; I'm pretty sure it isn't supported on
the 3030.

Posted by Merv on April 14, 2006, 6:33 pm
Please log in for more thread options
Conceptually DMVPN is a hub-and-spoke setup but it only requires one
tunnel interface configured on the hub. Thus adding spokes is easier.
Dynamic spoke-to-spoke tunnels can be created so that other than some
inital setup traffic ,spoke to-spoke traffic can flow directly between
spokes.

DMVPN is not supported on the 3030 VPN concentrator so you would need a
suitably sized hub route capable of handling 20+ spokes.

Also check out the new Configuring Cisco Easy VPN with IPSec Dynamic
Virtual Tunnel Interface (DVTI) feature - again this is an IOS-based
router VPN solution.


Posted by Joe on April 18, 2006, 12:47 pm
Please log in for more thread options
very helpful. Something I don't understand though is why can't I route
the traffic through a core router through the vpn.

Office A is the data center with the 3030 and a Large router.
Ofice B and C are connected to Office A but do no know of each other.

Then route all the traffic for our class B network through the core.

I've tried to do this but I can't get the IP route statement to travel
the Vpn tunnel. I'm still learning about all of this and any help
woulf be great.


Similar ThreadsPosted
setting up multiple (20 +) offices using 1720s and one 3030 April 14, 2006, 5:09 pm
Internet access for remote site over dedicated T1 line w/ Cisco 1720s September 28, 2005, 8:21 pm
VPN 3030, PPTP and SEP vs SEP-E February 10, 2006, 12:59 pm
Need Cisco VPN advice for connecting two offices September 9, 2008, 3:45 pm
Cisco 3030 doesn't work after 21st connection August 10, 2005, 2:27 pm
HELP: Cisco 3030: Packets don't reach destination August 10, 2005, 2:34 pm
Need help with 1721 routers to joing 2 offices via leased line May 23, 2006, 5:33 am
"incomplete chain" error installing ssl certificate on VPN 3030 December 5, 2006, 1:12 pm
Re: Frame Relay -HQ-remote offices slow connection March 5, 2007, 4:25 am
Re: Frame Relay -HQ-remote offices slow connection March 5, 2007, 4:30 am
Re: Frame Relay -HQ-remote offices slow connection March 6, 2007, 12:43 am
Frame Relay -HQ-remote offices slow connection June 25, 2007, 5:55 am
VPN 3030 - VPN Client 4.x - loss of internal network access after 4 hours July 11, 2005, 5:03 pm
Load Balancing Multiple Cisco Routers with Multiple ADSL circuits May 1, 2007, 5:39 am
question regarding creating a site-to-site VPN between an ASA 5505 and a VPN 3030 November 28, 2007, 10:17 am