Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello Guys,
I have a design question. I'm using a Cisco ASR1K as my Internet facing DMVPN Hub router. I know I should place a firewall in front of it. But why not just use built-in ACL to open necessary ports (i.e. UDP 500, 4500 and ESP) on the por...
Can someone tell me what's the best way to block the traffic between spokes? I'm using DMVPN phase 1 + EIGRP with stub design. I send a summary address 0.0.0.0/0 down to all sites. All sites are able to reach other sites via Hub, i want to block thos...
I totally agree and on the same page as you, i already used fVRF for Hub and Spoke Internet connections since they are just being used as underlay network. We have policy that all spokes traffic need to be centralized, which means Hub is pushing a de...
Thanks Peter and M.G. for the quick response. Split-horizon is preventing the routes received from the interface from being sent back to the same interface, not the traffic. So it won't stop spoke-to-spoke communication through the hub. The traffic p...
