I have a query that I hope someone would be able to clear up, and correct my understanding if wrong.
We're currently running GETVPN over hub/spoke MPLS. The branches/spokes currently have no access to the internet; however, now there is a need for them to do that. So now we're thinking of routing the branches' internet access via our HQ internet link. It would not be an issue without GETVPN, as I have configured similar setups; I was just wondering if this would still be possible with GETVPN still running.
Correct me if I'm wrong on the following:
We're currently running BGP, so if I advertised a default route from the HQ and then permitted only the subnets of the HQ and other spokes in the GETVPN ACL to be encrypted, and denied everything else (not encrypted), would that work?
Has anyone set up a similar deployment before?
I've drawn up a simple diagram if that helps.
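To make the design in the question concrete, here is an added example of the relevant IOS configuration on the GETVPN key server and on the HQ BGP router. It is not taken from the original post or from any Cisco design guide; all addresses (10.0.0.0/8 for HQ and spoke LANs, 192.0.2.x for the key server and BGP neighbour), group name, identity number, AS numbers and interface names are constructed placeholders. The point it shows is that GETVPN has no tunnel: the default route learned via BGP carries internet-bound traffic across the MPLS cloud, and the key server's policy ACL alone decides which of that traffic is encrypted (permit) and which is forwarded in the clear (deny).

```cisco
! ===== Key server (constructed example, not the poster's config) =====
! The policy ACL is pushed to every group member. GETVPN semantics:
!   permit -> encrypt with the group key
!   deny (explicit or the implicit deny) -> forward unencrypted
! Order matters: control-plane exclusions go first, then the site-to-site
! policy, then an explicit deny so internet-bound traffic is visibly excluded.
ip access-list extended GETVPN-POLICY
 ! keep GDOI registration/rekey (UDP 848) and BGP sessions out of the encrypted policy
 deny   udp any eq 848 any eq 848
 deny   tcp any any eq bgp
 deny   tcp any eq bgp any
 ! encrypt HQ <-> spoke and spoke <-> spoke traffic (all private site subnets)
 permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
 ! anything else, e.g. spoke -> 0.0.0.0/0 via the HQ default route, crosses
 ! the MPLS core in cleartext until it reaches the HQ NAT/firewall
 deny   ip any any
!
crypto gdoi group GETVPN-GRP
 identity number 1234
 server local
  rekey authentication mypubkey rsa GETVPN-REKEY-KEY
  rekey transport unicast
  sa ipsec 1
   profile GDOI-PROFILE
   match address ipv4 GETVPN-POLICY
   replay counter window-size 64
  address ipv4 192.0.2.1

! ===== Group member (HQ router and every spoke) =====
crypto gdoi group GETVPN-GRP
 identity number 1234
 server address ipv4 192.0.2.1
!
crypto map GETVPN-MAP 10 gdoi
 set group GETVPN-GRP
!
interface GigabitEthernet0/0
 description MPLS-facing WAN interface
 crypto map GETVPN-MAP

! ===== HQ router: originate the default toward the spokes over the MPLS BGP peering =====
router bgp 65001
 neighbor 192.0.2.254 remote-as 65000
 neighbor 192.0.2.254 default-originate
```

A check worth running after the change: `show crypto gdoi` on a spoke should show the downloaded ACL with the `deny ip any any` as the last entry, and `show crypto ipsec sa` should show encrypt counters rising for spoke-to-HQ LAN traffic while a spoke-to-internet flow leaves no encrypted packets behind. The design caveat this makes explicit is that the "not encrypted" path really is cleartext across the carrier's MPLS network, so whatever trust you place in the provider for the default-routed traffic should be a conscious decision; if that is not acceptable, the alternative is to add a `permit ip <spoke LANs> any` style entry so internet-bound traffic is encrypted to the HQ before it is NATed out.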