03-23-2018 12:22 AM - edited 03-12-2019 05:08 AM
Hello All,
I have a small network of HQ and branches implemented using DMVPN, and everything works fine. The hub is the default gateway for all branches, and all traffic going from a branch first reaches the hub. The problem is that I want to know the best way to control traffic flow between spokes. For example, I want to allow only VoIP traffic between spokes; everything else between spokes should be blocked. Anything else is already being inspected by the ASA to which the hub is connected, and that ASA controls traffic from other zones (DMZ, SERVERS, etc.). Which is the preferred way to implement this? Will an outgoing ACL on the tunnel interface on the hub work?
03-26-2018 10:10 PM
03-26-2018 11:01 PM
03-27-2018 06:51 AM
Yes, in our case all the traffic is passing through the hub. The question is, what is the best practice/way to implement control? An outgoing ACL on the tunnel interface?