[cisco-voip] Anyone doing large-scale VPNs?

[Matthew Loraditch]

you are correct about VPNs and ASAs. With your site quantity I'd not want to be managing that many tunnels. DMVPN is a router only (with the exception of 6500s with certain modules) technology.

If all of your hand offs will be ethernet your choice whether to upgrade to 2900s or not seems to solely be a throughput/performance question. 



Matthew Loraditch, CCVP, CCNA, CCDA
1965 Greenspring Drive

Timonium, MD 21093
support at heliontechnologies.com
(p) (410) 252-8830
(F) (443) 541-1593

Visit us at www.heliontechnologies.com
Support Issue? Email support at heliontechnologies.com for fast assistance!

________________________________________
From: cisco-voip-bounces at puck.nether.net [cisco-voip-bounces at puck.nether.net] on behalf of Robert Kulagowski [rkulagow at gmail.com]
Sent: Saturday, April 16, 2011 10:02 PM
To: Cisco VOIP
Subject: [cisco-voip] Anyone doing large-scale VPNs?

Our existing contract with a global MPLS provider is going to be
ending in about a year, so it's time to start planning what to do.
(We have 50+ sites in multiple countries.)

There's a certain appeal to DMVPN, but the throughput rates on the
2800 series routers leave much to be desired, especially once the Mbps
goes up.  (I've read the even unencrypted traffic will max out the
router at around 45Mbps, so having a gigE port seems like an odd
choice).

The ASA 55xx seems nice because it's optimized for encryption, but it
doesn't appear to have DMVPN.  If spoke-to-spoke is a requirement,
then is the only solution to setup n-1 routes / tunnels in each ASA?

Given that all handoffs from the provider are going to be ethernet,
does it even make sense to put in a 2900 series router if the various
WIC cards are never going to be populated?
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip