[c-nsp] Recommendation - reconfiguring full-mesh VPN network

[Garry]

Hi,

We've more or less taken over configuration and support of a customer
network. It is made up of several microwave links, with 2800 series
routers at the points in between. Lower layer EIGRP routing, with VPN
tunnel on top to secure the actual content. Sites have dual VLANs for
voice and data, though no multi-vlan on the actual backbone.

They have now started rolling out additional routers for new links,
which of course makes configuration a pain, as the company that
originally set up the network (when there were only 4 stations) had
configured a full mesh VPN connections. Needless to say I'd prefer to
throw that out in favor of a more service-friendly setup ...

I briefly thought about DMVPN or GET-VPN ... but believe just encrypting
everything on a hop-by-hop basis would be the more logical way to go ...
that way, I could just move the routing to the encrypted layer ... once
a new site needs to be configured, all I need to touch is the new router
and the one it is connected to ...

Any recommendations?

Tnx, -garry