A picture is worth a thousand words, so I drew 2 different network diagrams involving the VPC Transit infrastructure on AWS using csr1000v.
Direct connection between csr1000v and on premise
Connection using detached VGW instead
Can anyone tell me if there is a big difference between using one schema or the other? The major one I see for myself is that, using the detached VGW, I don't have to configure the Cisco routers to connect to the on-premise network, and I even get a configuration file for different on-premise routers: Checkpoint, Cisco, etc.
So of course, I'm a big fan of the detached gateway diagram, but is there any drawback compared to the direct IPsec connection csr <-> on-premise?
Thx a lot
btw: My connection would never exceed 100 Mbps, so relatively small throughput
btw2: The routers on premise are not from Cisco
Best Answer
One interesting point you have pointed out is that one can use non-Cisco routers on-prem and configure CSR. Apart from that, I would say that if you are using a multi-site on-prem configuration with 2 ISPs for an (active / failover) config, then the detached VGW configuration would help.
You can use a DMVPN cloud to set up the multi-site config in CSR v1000.