02-14-2017 09:41 AM
I hope I chose the correct board.
I'm setting up an environment that has a 7010 controller that is acting as a VPN concentrator. A bunch of offices with IAPs connected back via VPN. The 7010 is the VPN concentrator. It also exports the learned the IPSec routes into OSPF (router ospf redistribute rapng-vpn).
We have 3 offices that it was decided to deploy 7005 controllers. What I'm wondering is if these controllers can connect to the VPN concentrator like an IAP?
From what I've read, if they are deployed as a branch office controller then yes. However, a branch office deployment requires the VPN concentrator to be a 7200 series. This is only a 7010.
I can setup a traditional IPSec configuration, create an OSPF stub area to handle these 3 locations but I"m trying to keep things simple.
Thanks in advance.
02-20-2017 02:44 PM
You are correct with the 72xx series for controlling branch controllers.
If your looking to use similar configs on all of the 7005's, you may want to user a master/local setup for syncing configs across the enviornment.
This still wont help with the transport issue you seem to be running into, and you will need to setup vpn for the hub-and-spoke topology with your preference of routing.
03-02-2017 03:28 PM
I ended up just doing a traditional GRE tunnel through an IPSec tunnel and configuring OSPF.
For full mesh, it's the same thing just with additional GRE tunnels and IPSec tunnels.
I configured interface priorities for the 7000 series controllers at the two largest locations (with the more powerful controllers) to act as DR & BDR.
Thanks for commenting; much appreciated!