ScreenOS Firewalls (NOT SRX)
Highlighted
ScreenOS Firewalls (NOT SRX)

Design about AC-VPN

‎04-16-2009 03:49 AM

I would like to implement ac-vpn for all branch offices, main office and DR site. I know NHRP is necessary for the ac-vpn. is it possible to configure two NHS? All NHC will point to these two NHS??

 

I am planning main office and DR site will be the NHS. is it possible to do that??

Attachments

4 REPLIES 4
ScreenOS Firewalls (NOT SRX)

Re: Design about AC-VPN

‎04-17-2009 01:07 AM
Can you specify what "AC-VPN" is?
JNCIA-FWV - JNCIA-IDP - Proud JNet Expert shirt owner Smiley Happy
Highlighted
ScreenOS Firewalls (NOT SRX)

Re: Design about AC-VPN

‎04-17-2009 11:32 AM

Its AutoConnect-virtual private network (AC-VPN).

 

Hmm, I think you have to set up 2 AC-VPN. One for the hub and 1 for the backup. Then have OSPF adjust the cost on the backup one so that the preferred one is for the hub.

 

 

But my questions is that, for the traffic on your hub-spoke topology, is a large percentage of the traffic going from spoke to hub or spoke to spoke?

 

Usually the AC-VPN is more efficent if you have alot of stuff going from spoke to spoke.

****pls click the button " Accept as Solution" if my post helped to solve your problem****
Highlighted
ScreenOS Firewalls (NOT SRX)

Re: Design about AC-VPN

‎04-17-2009 05:47 PM
I see one Virtual-router can only configure one NHS or NHC, so do I have to add one more virtual router for each AC-VPN??
Highlighted
ScreenOS Firewalls (NOT SRX)

Re: Design about AC-VPN

‎04-17-2009 06:04 PM
Hmm if you are using just the trust/ untrust vr then you can get away just using those.
****pls click the button " Accept as Solution" if my post helped to solve your problem****