Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
844
Views
5
Helpful
1
Replies

Routing branch site internet traffic via HQ over an MPLS link running GETVPN

de-namza
Level 1
Level 1

‎12-09-2017 10:16 AM - edited ‎03-12-2019 04:48 AM

 Hi,

 

I have a query that i hope someone would be able to clear up and correct my understanding if wrong.

We're currently running GETVPN over Hub/spoke MPLS. The branches/spokes currently have no access to the internet, however now there is a need for them to do that. so now we're thinking of routing the branches internet access via our HQ internet link. It would not be an issue without GETVPN as i have configured similar setups, i was just wondering if this would still be possible with GETVPN still running. 

 

Correct me if i'm wrong on the following:

We're currently running BGP, so if i advertised a default route from the HQ and then permitted only the subnets of the HQ and other spokes in the GETVPN ACL to be encrypted and denied everything else (not encrypted) would that work?

Has anyone set up a similar deployment before?

I've drawn up a simple diagram if that helps.

 

Thanks!

Labels:
Preview file
162 KB
0 Helpful
1 Reply 1
Customers Also Viewed These Support Documents