About beiyanlong

beiyanlong · 02-05-2018

Hello Guys, I have a design question. I'm using a Cisco ASR1K as my Internet facing DMVPN Hub router. I know I should place a firewall in front of it. But why not just use built-in ACL to open necessary ports (i.e. UDP 500, 4500 and ESP) on the por...

beiyanlong · 01-26-2018

Can someone tell me what's the best way to block the traffic between spokes? I'm using DMVPN phase 1 + EIGRP with stub design. I send a summary address 0.0.0.0/0 down to all sites. All sites are able to reach other sites via Hub, i want to block thos...

beiyanlong · 02-08-2018

I totally agree and on the same page as you, i already used fVRF for Hub and Spoke Internet connections since they are just being used as underlay network. We have policy that all spokes traffic need to be centralized, which means Hub is pushing a de...

beiyanlong · 02-08-2018

Any comments, thanks in advance!

beiyanlong · 01-31-2018

Thanks, i will dig more info accordingly.

beiyanlong · 01-28-2018

Thanks Peter and M.G. for the quick response. Split-horizon is preventing the routes received from the interface from being sent back to the same interface, not the traffic. So it won't stop spoke-to-spoke communication through the hub. The traffic p...

Member Since	‎01-26-2018 08:25 PM
Date Last Visited	‎02-14-2018 02:10 PM
Posts	6

User Statistics

User Activity

Using ACL for security control for Internet WAN router?

Block DMVPN Phase 1 spoke-to-spoke traffic, all spokes receive default 0.0.0.0/0 route only

Re: Using ACL for security control for Internet WAN router?

Re: Using ACL for security control for Internet WAN router?

Re: Block DMVPN Phase 1 spoke-to-spoke traffic, all spokes receive default 0.0.0.0/0 route only

Re: Block DMVPN Phase 1 spoke-to-spoke traffic, all spokes receive default 0.0.0.0/0 route only