jimmypizzle83 wrote: » What's going on everyone? I am designing a network for a company right now that has 5 sites that are located all over the east coast. I want to have a hub and spoke VPN config using ASAs. Which model should I use at the hub? Suggestions are greatly appreciated.
networker050184 wrote: » How about an MPLS VPN service? With five sites, I'd just go that route so you don't have to worry about IPSEC VPNs over the internet.
ilcram19-2 wrote: » Get routers instead of an ASA; you have more options. DMVPN and GRE/IPsec are more scalable than regular IPsec VPNs.
ilcram19-2 wrote: » In that case I'd rather get a router. The ASA is just a firewall and has a lot of limitations for QoS, routing, and all the good stuff. Plus, the routers all come with a VPN accelerator built in now, and IOS firewall, IOS IPS, and content filtering. I would look into the ISR models, and they are cheaper than an ASA.
networker050184 wrote: » I wasn't saying to use any specific piece of equipment, just that an MPLS VPN solution, while more expensive, cuts down the administrative and technical overhead of IPSEC VPNs.
ilcram19-2 wrote: » That would depend a lot on what kind of MPLS VPN you'll be using, overlay or peer to peer; they are the most common MPLS VPN deployments. I'd rather save that money. I've never seen a strong reason to go for MPLS VPNs; with the new VPN technologies you can create your own MPLS network, especially for 5 sites.
ilcram19-2 wrote: » I guess you are forgetting what a VPN really is. By having a virtual circuit or a point-to-point link you already have your VPN there, and you cannot tell me that that's not what an overlay VPN is. MPLS VPN overlays are just dedicated private links, which is what I've seen the most in Europe and US deployments; peer to peer VPNs are mostly created from site to site. Most of the MPLS VPN networks that I've seen are overlay VPNs, since they required connectivity to multiple sites over the same virtual circuit.
kalebksp wrote: » I don't understand what you're saying.
networker050184 wrote: » Not to be a jerk man, but either there is a language barrier or we are talking about two different things. The overlay vs peer to peer thing is VPNs in general and not something specific to MPLS VPN. I really don't think you completely understand the concepts and uses of MPLS VPNs. I'll leave it at that.
ColbyG wrote: » The closest thing to the average (full mesh) MPLS VPN is DMVPN. All sites have connectivity to each other without going through the hub site. Using traditional IPSEC VPNs or even GRE/IPSEC tunnels (no DMVPN) isn't much of a comparison to a normal MPLS VPN deployment. The difference in administrative overhead is huge. If the OP doesn't want to pay for an MPLS VPN, but wants full mesh connectivity, DMVPN is the best option. If you want hub and spoke, there are a lot of options.
kalebksp wrote: » ilcram19-2, MPLS VPNs don't have a hub nor do they use dedicated private links. The layer 2 connectivity may be provided over something like T1 (or pretty much any other circuit), but the endpoint of that link is the ISP's router. Traffic is kept separate by using VRFs. MPLS VPNs allow any router in the VRF to talk to any other router in the VRF (that's a simplification of how it actually works). As I said before, MPLS VPNs are not an overlay VPN.
ilcram19-2 wrote: » I never said there was a hub on an MPLS VPN; we were talking about DMVPN.
ilcram19-2 wrote: » You contradict yourself, saying that they aren't dedicated private links, but then you say "The layer 2 connectivity may be provided over something like T1 (or pretty much any other circuit), but the endpoint of that link is the ISP's router." What is that called?
ilcram19-2 wrote: » And MPLS, or the label tagging protocol, doesn't run at layer 2; it adds an extra header between layer 2 and layer 3, aka layer 2.5, where it adds the tag.
kalebksp wrote: » I see that, I misread. You have to have some sort of connectivity to the ISP, right? It could be anything: T1, Metro Ethernet, DSL, 56K DDS, etc. When someone says "dedicated private link" they are generally referring to a link from one of their sites to another one of their sites. The customer routers talk to each other directly at L3. In MPLS the customer router talks to the ISP router at L3. I'm aware, but you still need layer 2 connectivity, right?
ColbyG wrote: » wat...?!
kalebksp wrote: » That wasn't aimed at me was it? I'm pretty confident in my explanation, but if I got something wrong I'd like to know.
networker050184 wrote: » I'm pretty sure that's not at you.....