Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
236
Views
0
Helpful
1
Replies

VPN3k - Load balancing and routing between spokes

m.laporta
Level 1
Level 1

‎11-14-2003 10:04 AM - edited ‎03-09-2019 05:32 AM

Hi Experts.

I'm designing a large-scale VPN3k-based hub-and-spoke network (about 400 spokes).

For redundancy, I need to use at least 2 VPN3k's in the hub, and I'm going to leverage the load balancing VCA feature.

The customer says that communication between two spokes might be occasionally needed. This easy to solve if I have only one VPN3k in the hub, but I'm wondering if it would still work with a couple of load-balancing 3k's.

What would happen if the two spokes terminate their tunnels on different hub 3k's?

Could RRI + RIP/OSPF + an additional router solve the problem? Or maybe the additional router is not needed at all (which would make the Customer happier)?

Any ideas are appreciated

Thank you

michele

Labels:
0 Helpful
1 Reply 1

dlac455
Level 1
Level 1

‎11-17-2003 11:17 AM

I'm not able to put a positive spin on this: it won't work. VPN3k's will not route between spokes. The VPN3k will spit the packet out the inside interface, instead of turning it around into the correct tunnel. Good luck!

0 Helpful
Customers Also Viewed These Support Documents