Multiple Site-to-Site VPNs?

Our current network setup is similar to the one shown in the picture below.

Each site is a different subnet which VPNs into the Atlanta network router for all resources (main domain controllers, servers, network storage, backups, etc.). Each site has a domain controller (replication from Atlanta), a storage server (which has the same files as the one in Atlanta, replicated using DFS) as well as its own print server.

Considering the current network setup, is it possible to create **multiple** site-to-site VPNs? So, a dedicated VPN connection between each site’s router rather than going through Atlanta *(which isn’t the case as of now, so one site doesn’t know the other exists as all of them connect to Atlanta!)*, something like a star topology while still maintaining Atlanta as the main site.

If it is possible, would the configuration be similar to that which is between each site and Atlanta (other than the IP info)? Currently, we are using 2600 (I know, end of life on these suckers :bummer:) series Cisco routers with max mem… would having multiple VPN tunnels on the router cause problems/performance issues?

Re: Multiple Site-to-Site VPNs?

Usually, you set the VPNs on a PIX as it is better equipped, but VPN on a router shouldn't be all that bad after all. I will tell you the PIX scenario. It depends on the license you have on the PIX; if you have got enough, then multiple site-to-site VPNs are fair game. I don't imagine a router to be any different for a mid-size firm. The config would be very similar (peer IP, encryption domain and secret key should be different).
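Added example, not part of the original thread: a sketch of how a branch router could carry two tunnels in one crypto map, with the peer IP, encryption domain (ACL) and pre-shared key differing per tunnel as the reply above describes. All addresses, names, the interface and the key placeholders are constructed, and it assumes an IOS image with crypto and AES support.

```cisco
! Constructed example for one branch router ("site B"); every value is a placeholder.
! Assumed LANs: Atlanta 10.1.0.0/16, site B 10.2.0.0/16, site C 10.3.0.0/16
! Assumed public peers (documentation ranges): Atlanta 192.0.2.1, site C 203.0.113.1
crypto isakmp policy 10
 encryption aes
 authentication pre-share
 group 2
 lifetime 86400
!
! A different pre-shared key for each peer
crypto isakmp key <KEY-FOR-ATLANTA> address 192.0.2.1
crypto isakmp key <KEY-FOR-SITE-C> address 203.0.113.1
!
crypto ipsec transform-set TS-AES esp-aes esp-sha-hmac
!
! Encryption domains: one ACL per tunnel, local LAN to remote LAN
ip access-list extended VPN-TO-ATLANTA
 permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255
ip access-list extended VPN-TO-SITE-C
 permit ip 10.2.0.0 0.0.255.255 10.3.0.0 0.0.255.255
!
! One crypto map per interface, one sequence number per peer
crypto map BRANCH-VPN 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS-AES
 match address VPN-TO-ATLANTA
crypto map BRANCH-VPN 20 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS-AES
 match address VPN-TO-SITE-C
!
! Assumed WAN interface for the T1
interface Serial0/0
 crypto map BRANCH-VPN
```

The router at site C needs the mirror-image entry (peer, ACL with source and destination swapped, same key), and any NAT on the WAN interface must exempt the traffic matched by these ACLs.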

Re: Multiple Site-to-Site VPNs?

Thanks.

Well, the reason why we can't do it on PIX is because it is not available in all sites. The only PIX we've got is a 515E in Atlanta.

Re: Multiple Site-to-Site VPNs?

By asking for multiple S2S or L2L tunnels, you mean that you don't want the traffic from one site to another site to go through ATLANTA.

OK, it can be done. The thing to know here is your license and the bandwidth of each site, then the load of replication or, let's say, traffic.
A 2600 router can handle some load, but again it will come down to what encryption you are selecting and what bandwidth you have.

You will need to create STATIC routes on each site, so that the traffic to one site does not go to ATLANTA.
Do you have any Cisco reading material with you or not?

Tell me if you need something :D

Re: Multiple Site-to-Site VPNs?

I don't think those routers would be able to handle that kind of a load, what with cost routing and all.
The best thing to do (if you do have to have communication between 1 site to another) is to set up proper routing at the Atlanta location using a high-end router.

Re: Multiple Site-to-Site VPNs?

I also don't think that 2600s could handle multiple tunnels to multiple sites with efficiency... using 2821s or better is an option but price is a big factor in this (obviously!).

The link between the sites and the Internet runs on T1 lines.

We could use an MPLS (or frame relay switch) cloud from the ISP, which would leave most of the equipment untouched other than minor changes to the gateway configs.