Asked by ctagle

Configure Multiple Site to Site Tunnels to One Location with Cisco Routers

Trying to figure out if it's possible to set up multiple site to site connections to one location. Situation is this: there are 12 offices, one of which is the HQ office. I'm wondering if it's possible with a large enough Cisco router to create a site to site tunnel from each location to HQ, so basically 11 tunnels all ending at the HQ router. The reason for setting this up is that each location needs to have the ability to communicate with the HQ server in a secure fashion. Is this setup possible? If so, I was thinking I would use GRE and IPSec with IKE authentication being done using a pre-shared key (side question: for this, does IKE use the same key for each tunnel or different? I'm thinking different, but I could be wrong). I'm also thinking of implementing QoS for each tunnel to ensure one tunnel doesn't eat up too much bandwidth. Is this the best way of doing this, or can y'all think of something better? I'm also wondering if it's possible with this setup for the other sites to communicate with one another if necessary.

Last Comment: 8/22/2022 - Mon

Yes, you can have multiple site to site VPNs terminating on a "central" site.

Each site would need to be on a non-overlapping subnet to every other site to be able to do this without NAT.

The size of the router would be dependent on the VPN bandwidth that you require rather than the number of VPNs.

You might also look at the Cisco ASA firewalls instead of using routers.
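
The non-overlap requirement in the answer above can be checked before any tunnel is built. The following is an added example, not part of the original thread, that validates a hub-and-spoke address plan; the site names and subnets are constructed sample values.

```python
import ipaddress
from itertools import combinations


def find_overlaps(site_subnets):
    """Return sorted (site_a, site_b, net_a, net_b) tuples for every pair of
    LAN subnets at different sites that overlap: identical ranges, or one
    range contained in the other. Any hit would force NAT or renumbering."""
    parsed = []
    for site, cidrs in site_subnets.items():
        for cidr in cidrs:
            # strict=True rejects typos with host bits set, e.g. 10.10.1.5/24
            parsed.append((site, ipaddress.ip_network(cidr, strict=True)))
    conflicts = []
    for (site_a, net_a), (site_b, net_b) in combinations(parsed, 2):
        if site_a == site_b or net_a.version != net_b.version:
            continue
        if net_a.overlaps(net_b):
            conflicts.append((site_a, site_b, str(net_a), str(net_b)))
    return sorted(conflicts)


def build_sample_plan():
    """Constructed plan: one HQ and 11 branches, with two deliberate mistakes."""
    plan = {"HQ": ["10.10.0.0/24"]}
    plan.update({f"Branch{i:02d}": [f"10.10.{i}.0/24"] for i in range(1, 12)})
    # Two branches left on the same consumer-router default range.
    plan["Branch07"] = ["192.168.1.0/24"]
    plan["Branch09"] = ["192.168.1.0/24"]
    # A branch carved out of the HQ LAN range (contained, not identical).
    plan["Branch11"] = ["10.10.0.128/25"]
    return plan


if __name__ == "__main__":
    for site_a, site_b, net_a, net_b in find_overlaps(build_sample_plan()):
        print(f"{site_a} {net_a} overlaps {site_b} {net_b}")
```

The containment case matters as much as the exact duplicate: traffic for the smaller range would match the crypto policy for both sites.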

Thank you for the information, it's extremely helpful. I'm hoping to get a Time Warner fiber line in, to provide around 5 mbps upload to each site; 11 remote sites is about 55 mbps possible at maximum utilization, and of course another 5 for the HQ site itself to use, so 60 mbps maximum I would think. I don't think overlapping IPs would be an issue, they are all going to have their own Internet connection from an ISP. What size Cisco router would you say I would need for that?


Ah ok local LAN subnet.

So theoretically the firewall would be operating, at peak times, at 60 percent load, allowing for a little bit of growth.  The 5510, at 170, allows for growth to twice as many remote sites with VPN lines, I'm not sure which would be more of a worthy investment though.

I am definitely beginning to favor the ASA as a solution instead of the router solution though.
Your help has saved me hundreds of hours of internet surfing.

I would start with a 5505 at the main site; if you add more sites and require more bandwidth at the main site, it could be re-used at a remote site.

Excellent, thank you for all the info, it will be a huge help.