On Tue, May 22, 2001 at 09:13:57PM +0100, Kevin Gannon wrote:
> We are looking at deploying a Cisco IPSec VPN between a number
> of our departments. However, the problem is we do _not_ want to
> terminate the peers on a central box. We want to create a partial
> mesh and most likely a full mesh.
>
> The problem is the crypto peers, each time we add a new site
> it means a huge pain in the ass creating all the new peers.
> Is there any way around this?
>
> I know MPLS would be ideal for this but we are already running
> MPLS but we are required to also have IPSec and can not
> have a central termination for the peers.

Short answer: there's no easy way out. Longer answer: check out the book called
"MPLS and VPN Architectures". ;)

Alternative solution - buy a pile of PIX firewalls, they supposedly have a
nice GUI that will let you provision and configure your IPSec tunnels with
clickity-clicks. ;) (You'll have to check on this, in terms of tunnel
provisioning tools)

SY,
--
CCNP, CCDP (R&S)
Dmitri E. Kalintsev
CDPlayer@irc
Network Architect @ connect.com.au
dek @ connect.com.au
phone: +61 39 674 3913 fax: 251 3666
http://-UNAVAIL-
UIN:7150410
cell: +61 41 335 1634