We are testing this nice PIX GUI (I guess you're talking about PDM) but
we're getting lots of unexpected results (bugs?) working with IPSec.
I would rather recommend installing VPN 3000 concentrators (3005 is cheap
and supports up to 100 LAN-to-LAN tunnels), they are really easy to
configure. If your network is partial mesh, you can install VPN3002 in sites
where they are acting as 'clients' of a VPN 3000 concentrator.
Mati
Matilde Gil
Dpto. Ingenieria y Servicios de Red
www.servicom2000.com <http://www.servicom2000.com/>
-----Original Message-----
From: Dmitri Kalintsev [mailto:dek@hades.uz]
Sent: Wednesday, May 23, 2001 2:23
To: cisco-nsp@puck.nether.net
Subject: Re: Scaling IPSec VPNs and Meshes ?
On Tue, May 22, 2001 at 09:13:57PM +0100, Kevin Gannon wrote:
> We are looking at deploying a Cisco IPSec VPN between a number
> of our departments. However the problem is we do _not_ want to
> terminate the peers on a central box. We want to create a partial
> mesh and most likely a full mesh.
>
> The problem is the crypto peers, each time we add a new site
> it means a huge pain in the ass creating all the new peers.
> Is there any way around this?
>
> I know MPLS would be ideal for this but we are already running
> MPLS but we are required to also have IPSec and can not
> have a central termination for the peers.
Short answer: there's no easy way out. Longer answer: check out the book called
"MPLS and VPN Architectures". ;)
Alternative solution - buy a pile of PIX firewalls, they supposedly have a
nice GUI that will let you provision and configure your IPSec tunnels with
clickity-clicks. ;) (You'll have to check on this, in terms of tunnel
provisioning tools)
SY,
-- CCNP, CCDP (R&S) Dmitri E. Kalintsev CDPlayer@irc Network Architect @ connect.com.au dek @ connect.com.au phone: +61 39 674 3913 fax: 251 3666 http://-UNAVAIL- UIN:7150410 cell: +61 41 335 1634
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:38 EDT