857/877 IPsec tunnels

Home Forums Networking Cisco Routers & Switches How-to 857/877 IPsec tunnels

This topic contains 8 replies, has 3 voices, and was last updated by Avatar bdesmond-mvp 12 years, 6 months ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • Avatar
    davesynths
    Member
    #118476

    Hello,

    I hope someone can help me:

    I know the 857 and 877 can have 5/10 tunnels simultaneously connected. My question is: Can you define more than 10 tunnels if you only need one connected at once?

    E.g. Head office connected to 16 sites but only one site needs to be connected at any time. So I would need to define 16 tunnels on the router.

    Can you do this?

    Thanks,
    Dave

    Avatar
    theterranaut
    Member
    #285853

    Re: 857/877 IPsec tunnels

    Hi Dave,

    the only info I’ve been able to find on this is the standard Cisco line: 5 or 10 ‘active’ tunnels.

    Somehow, though, I cant see them introducing a software restriction just for these devices. My guess- and it is just that, a guess- is that the hardware encryption engine limits tunnels to 5 or 10.

    Sorry I cant be of more help-

    regards,

    theterranaut

    Avatar
    davesynths
    Member
    #290565

    Re: 857/877 IPsec tunnels

    Thank you for your reply, I think i’m going to have to buy one and find out!

    I’m hoping it will just not establish the tunnel if it’s already at it’s maximum, I’m moderately hopeful

    Thanks for trying though,

    Regards,
    Dave

    Avatar
    bdesmond-mvp
    Member
    #291243

    Re: 857/877 IPsec tunnels

    Dave,

    Before you buy one of these I would advise you to look at your requirements a bit more closely. The encryption capabilities of these routers isn’t much. If you’re going to be connecting this many spokes you’ll likely run the CPU to the ground pretty quickly.

    Avatar
    davesynths
    Member
    #290566

    Re: 857/877 IPsec tunnels

    Hello,
    Thanks for your reply Brian, I take your point and if it was a traditional deployment then I’d definately look at a higher spec router.

    However, this scenario will only ever need 1 (possibly 2) tunnels connected at any one time so I think the hardware should be good for that?

    There won’t be any ‘interesting traffic’ to start the tunnel up apart from once a day so as long as there’s no keep-alive and no DPD I should be okay?

    Kind regards,
    Dave

    Avatar
    theterranaut
    Member
    #285883

    Re: 857/877 IPsec tunnels

    Hi Dave,

    do you mean that the tunnel(s) are only going to be in operation for a brief point during the day?

    regards

    TT

    Avatar
    davesynths
    Member
    #290567

    Re: 857/877 IPsec tunnels

    Hi TT,

    Yes, it’s quite a weird method of working but all the comms between the hub and spokes will be done in batches at the end of the night, one at a time. So I need 16 spokes odd but only one connected at once.

    Thanks,
    Dave

    Avatar
    bdesmond-mvp
    Member
    #291247

    Re: 857/877 IPsec tunnels

    You’ll probably be fine as long as you’re not pushing too much at any given time. You just don’t have much room to maneuver in or grow.

    Sounds like some wierd mainframe job schedule or something to me.

    Avatar
    theterranaut
    Member
    #285888

    Re: 857/877 IPsec tunnels

    Batch processing. Those were the days! If only they had all gone away…

    theterranaut

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.