Announcement

Collapse
No announcement yet.

Site-to-site VPN Cisco 2811 spserivcesk9.mz 12.3(11)T10

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Site-to-site VPN Cisco 2811 spserivcesk9.mz 12.3(11)T10

    Dear All,

    I'm quite new to the Cisco VPN solution, please kindly recommended me to design VPN solution.

    Resources:
    1. One head quarter site using Cisco 2811 with IOS "c2800nm-adventerprisek9-mz.124-11.XW.bin"
    2. 4 remote sites with IOS "c2800nm-spservicesk9-mz.123-11.T10.bin"
    3. 1 Cisco router 1721 with IOS "c1700-y-mz.123-9c.bin"

    Design
    1. A site-to-site VPN using Hub-and-spoke topology.
    2. A central office manage VPN.

    Question:
    1. Base on remote site IOS version, do my remote site support site-to-site VPN configuration?
    2. If any remote site failed to support VPN requirement, do I need to upgrade IOS on such site to support VPN?
    3. For better VPN management, what is additional hardware for VPN at head office? For example, VPN Concentrator 3000 (outdated) or any?

    Please kindly help... Thank you very much for your kind support.

    Best regards,
    Aod

  • #2
    Re: Site-to-site VPN Cisco 2811 spserivcesk9.mz 12.3(11)T10

    1. Base on remote site IOS version, do my remote site support site-to-site VPN configuration?
    2. If any remote site failed to support VPN requirement, do I need to upgrade IOS on such site to support VPN?
    The 2811 with advanced enterprise should work with crypto/ipsec. The 4 sites with "spservices"... I don't think so. If you have access to these routers, try and define a crypto policy or crypto map. If the commands work, then crypto/ipsec is supported.

    To be sure, I would suggest using the Cisco IOS software Selector Tool This will tell you which IOS supports what feature set.
    3. For better VPN management, what is additional hardware for VPN at head office? For example, VPN Concentrator 3000 (outdated) or any?
    Personally I like the vpn concentrators, but I would base my decision on concentrator vs router on how many spokes and the amount of traffic you plan on transmitting across all the tunnels. FWIW: All 2800 series routers support AIM, which allows you to purchase a VPN encryption module for your 2811 to offload vpn encryption from 2811 CPU. With only 5 spokes, this might be a viable option.

    Comment

    Working...
    X