VPN

Mike!

It is very possible with Cisco IOS provided atleast one of the routers has a static IP which will act as the HUB and the rest with Dynamic IP addressing acting as spokes.

Cisco call this Dynamic Multipoint VPN.

Have a look at these link it might give you a bit more insight.

formatting link
I have used this on the lower end models like the 1721 Routers in test environments, but it is recommended to go for a higher spec model, maybe the links can help you out as to which model is best suited.

Hope this helps.

Rob

Reply to
RobO
Loading thread data ...

In article , RobO wrote: :It is very possible with Cisco IOS provided atleast one of the routers :has a static IP which will act as the HUB and the rest with Dynamic IP :addressing acting as spokes.

Yeah, but the OP doesn't have any static IPs at all, or so the question strongly implied.

If you have a static IP somewhere and your dynamic nodes check in there from time to time, you have a lot more options. If, though,

-all- of your nodes have dynamic IPs, it's much harder.

The reference to cable/DSL suggested "residential" users on residential contracts to me.

Ah, I just thought of something that could be explored. The VPN 30xx and the PIX 515/515E, 525, and 535 running PIX 7.0, support VPNs over SSL. SSL tends to imply runtime hostname lookup. -Maybe- something would work out along those lines.

Reply to
Walter Roberson

Sounds like a much better option Walter! - SSL VPN.

I was only thinking on the lines of getting a single static IP which wouldn't take much.

Reply to
RobO

I apologize, I did leave out a very important detail. The "hub" site WILL have a static IP.

Thanks for the responses! Appreciate it!

Mike

Reply to
Mike

In article , Mike wrote: :I apologize, I did leave out a very important detail. The "hub" site :WILL have a static IP.

Yeah, that's a pretty important detail in this case ;-)

If you have a static hub site then your options include PIX 7.0 on a 515/515E, 525, or 535.

You options might also include a VPN 3000 series -- I'm not as familiar with them.

The dynamic spoke system mentioned previously is kind of interesting: it is especially suited for the case where even the number of spokes is regularily changing, and it is necessary to bring a new one online quickly (e.g., new branch offices.)

Depending on what you are attempting to accomplish, there is something else you might wish to consider. There is, my co-worker informs me, a project currently active which essentially creates a private Internet through sites VPN'd together using free software. I do not recall the name of the project/software, but I could find out easily.

Reply to
Walter Roberson

Walter,

Thanks again. I would love to find out the name of the software, if it not too much trouble.

Mike

Reply to
Mike

In article , Mike wrote: :Walter Roberson wrote: :> informs me, a project currently active which essentially creates :> a private Internet through sites VPN'd together using free software.

:I would love to find out the name of the software, if it :not too much trouble.

OpenVPN

formatting link

Reply to
Walter Roberson

You are a big help!

Mike

Reply to
Mike

Outside of scalability, is there a fundamental difference between pix 501 vpn and vpn 3000 concentrator?

Thansk in advance

Reply to
RG

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.