Hi John

Can't you keep the peers down to one per site if you use loopback addresses
on each router as the encryption peer?

Gaz


"John Neiberger" wrote in message news:[EMAIL PROTECTED]...
> The '150' number would only be if certain branches had to peer twice:
> once over the primary route and once over the secondary-but-always-up
> route.  In actuality, there would still be about 90 peers on that single
> 7513 but the volume of traffic per peer is going to be pretty low.  It's
> only tn3270 and DLSw stuff.  The rest of the interbranch traffic will
> remain in the clear.
>
> Is that still going to be too many peers?  I know that the 7513 has a
> card to do hardware encryption.  It looks like we may have to check into
> that again.
>
> Thanks,
> John
>
> >>> "Dana J. Dawson"  6/21/01 4:38:07 PM >>>
> IPSec and redundancy is hard.  The usual recommendation is to use GRE
> tunnels over IPSec, since the tunnels provide a logical interface over
> which you can run a routing protocol that will provide the redundancy.
>
> With plain old IPSec, you use access-lists to specify which traffic
> goes to which peer, and you can't overlap any of your crypto
> access-lists (those referenced in a "match address" command in a
> crypto map).  This precludes the possibility of doing redundancy this
> way.
>
> That being said, you don't want to terminate 150 peers in your 7513,
> especially if you want that router to do anything else.  With this
> scale of VPN network, you should have a dedicated VPN concentrator.
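
The two suggestions in this thread (GRE over IPSec, with loopback addresses as the single encryption peer per site), sketched as a Cisco IOS branch-router configuration. This is an added example, not configuration from any of the posters; all addresses, interface and map names, the key placeholder and the cipher choices are assumptions.

```cisco
! Constructed example: branch router with ONE IPSec peer (the hub loopback),
! reachable over either WAN path. Addresses are documentation-range placeholders.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRESHARED-KEY> address 192.0.2.1
!
! Transport mode: GRE already supplies the outer IP header
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
!
! Source IKE/IPSec from the loopback so the peering does not depend on
! which physical interface is currently carrying the traffic
crypto map BRANCH-VPN local-address Loopback0
crypto map BRANCH-VPN 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set GRE-TS
 match address 101
!
interface Loopback0
 ip address 192.0.2.11 255.255.255.255
!
! Logical interface for the routing protocol that provides the redundancy
interface Tunnel0
 ip address 10.255.0.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination 192.0.2.1
!
interface Serial0/0
 description primary path
 crypto map BRANCH-VPN
!
interface Serial0/1
 description secondary-but-always-up path
 crypto map BRANCH-VPN
!
! One non-overlapping crypto ACL entry per site: loopback-to-loopback GRE only
access-list 101 permit gre host 192.0.2.11 host 192.0.2.1
```

The loopbacks must be reachable in the clear over both paths, and only traffic routed into Tunnel0 is encrypted, so anything meant to stay in the clear keeps its existing routes.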




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9557&t=9225