Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
791
Views
0
Helpful
3
Replies

DMVPN control traffic between spokes

neroshake
Level 1
Level 1

‎03-23-2018 12:22 AM - edited ‎03-12-2019 05:08 AM

Hello All,

 

I am having a small network of HQ and branches implemented using DMVPN and everything works fine. The hub is a default gateway for all branches and all traffic going from brunch first reaches the Hub. The problem is that I want to know the best way to control traffic flow between spokes. For example I want to allow only voip traffic between spokes everything else between spokes should be blocked. Anything else is being already inspected by ASA to which HUB is connected and that ASA controls traffic from other zones (DMZ, SERVERS, etc). Which is the preferred way to implement this? Will outgoing ACL on tunnel interface on HUB work?

 

 

Labels:
0 Helpful
3 Replies 3

neroshake
Level 1
Level 1

‎03-26-2018 10:10 PM

Any idea ?
0 Helpful

Mohammed al Baqari
Level 11
Level 11

‎03-26-2018 11:01 PM

Easiest is to go for Phase-I DMVPN to make it hub and spoke. In this case
all traffic pass through HUB and you can control whatever you want
0 Helpful

neroshake
Level 1
Level 1
In response to Mohammed al Baqari

‎03-27-2018 06:51 AM

Yes, in our case all the traffic is passing through HUB. The question is what is the best practice/way to implement control? Outgoing ACL on tunnel interface?

0 Helpful
Customers Also Viewed These Support Documents