[FW1] vpn with large number of nodes
Title: vpn with large number of nodes

Hi all,

Some client of ours wants to VPN-ize their network. All the remote LANs are connected via 2 Mb links to the client backbone; the main office has 34 Mb to the net. Well, the client is an ISP-type company, so all nodes have direct access to the net, but they want to encrypt traffic between all their offices.

Do you have to set up a meshed VPN, so that there are encrypt rules for all point-to-point links (so 5 nodes would have 9 encrypt rule pairs?). Or is it possible to run a single encrypt rule from each remote office to HQ, and pass traffic from one remote office to another via the HQ?

I'm thinking towards the meshed setup, otherwise how will you route traffic? It's not like there are tunnels set up or anything?

Just had another thought (whew!): would this setup work?

src dst action target

Seeing as each gateway has an encryption domain defined, which is part of the group of networks "grp_all_lan_nets", and the encrypt action is applied to all peers, each gateway will know which remote gateway to set up an SA with. Is this right, or am I babbling?

This will all be done with FW-1 on Nokia; HQ will have a redundant Nokia setup, and there are about 15 remote offices Europe-wide.

Cheers
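To make the two designs in the question concrete, here is a small Python model added to this page (it is not the poster's or Check Point's code): it resolves which gateway pair would negotiate an SA for a packet from the encryption domains, and counts the SAs a full mesh needs versus a hub-and-spoke via HQ. The gateway names and address ranges are constructed for the example.

```python
from ipaddress import ip_address, ip_network
from itertools import combinations

# Constructed topology (not from the post): five gateways, each with the
# encryption domain (the LANs behind it) that is a member of grp_all_lan_nets.
GATEWAYS = {
    "hq":     ["10.0.0.0/16"],
    "paris":  ["10.1.0.0/24"],
    "berlin": ["10.2.0.0/24"],
    "madrid": ["10.3.0.0/24"],
    "rome":   ["10.4.0.0/24"],
}

def gateway_for(ip):
    """Return the gateway whose encryption domain contains ip, or None."""
    addr = ip_address(ip)
    for gw, nets in GATEWAYS.items():
        if any(addr in ip_network(n) for n in nets):
            return gw
    return None

def sa_peers(src, dst):
    """For a packet matched by an encrypt rule with src and dst both in
    grp_all_lan_nets, return the sorted (gateway, gateway) pair that would
    build the SA. None means one side is outside all domains or both ends
    sit behind the same gateway, so no SA is needed."""
    a, b = gateway_for(src), gateway_for(dst)
    if a is None or b is None or a == b:
        return None
    return tuple(sorted((a, b)))

def mesh_sa_pairs():
    """Full mesh: one SA per gateway pair, n*(n-1)/2 in total."""
    return sorted(combinations(sorted(GATEWAYS), 2))

def hub_sa_pairs(hub="hq"):
    """Hub-and-spoke: one SA per remote office to the hub only."""
    return sorted((min(hub, gw), max(hub, gw)) for gw in GATEWAYS if gw != hub)

def hops_via_hub(src, dst, hub="hq"):
    """Encrypted legs a packet crosses in hub-and-spoke: 1 when one end is
    the hub, 2 when remote-to-remote traffic is decrypted at the hub and
    re-encrypted toward the other spoke, 0 when no SA is involved."""
    pair = sa_peers(src, dst)
    if pair is None:
        return 0
    return 1 if hub in pair else 2
```

Remote-to-remote traffic in the hub design is in cleartext on the HQ gateway between the two legs, which is the trade-off against the larger SA count of the mesh.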