Hi,
I’m fairly new to MT, and not exactly sure which supported VPN technology would be best suited for my needs.
I’d like to create the attached topology with MT devices, and need to establish S2S VPN connection from the HQ site, to each branch site.
The requirements are simple: need OSPF, some basic QoS for VoIP, and needs to work with either dynamic/static public IPs, and also in some cases with private NATted IPs. Obviously, it must be fairly secure. If it were Cisco, I’d probably go with DMVPN or something similar for this setup, but this project uses MT. Good performance is quite important, meaning it should be near the advertised rates for the devices. I’m planning on using CCR1036 or CCR1072 for central, RB3011s for heavier branches, and hEX-es for the lighter ones.
I was thinking about using ipsec tunnels with VTI interfaces and running OSPF on it, but looking at the device i don’t think it is capable of using VTIs. I looked at IPIP and GRE over IPSEC, but not sure if they will work with my diverse public ip setup.
Do you have any recommendations for the VPN setup?