01-07-2011 06:38 AM
Hi, I have a hub and spoke VPN network, and all traffic is from the remote offices to the datacenter.
I have a request to build a tunnel between two remote offices to be able to access some servers between the two remote offices.
Can I just change the interesting traffic ACLs to include, let's say, Office A to Office B within the Office A to Datacenter tunnel and the Office B to Datacenter tunnel?
By doing this, can I avoid building a tunnel between the two offices (A and B)?
Cheers
01-07-2011 06:51 AM
Hi,
You can make the traffic between the two spokes go through the hub or build a new tunnel between spokes.
If the Hub is an ASA you need to allow same-security-traffic permit intra-interface
If the hub and spokes are routers you can also use DMVPN to dynamically establish a tunnel between spokes when needed.
Federico.
01-07-2011 07:03 AM
Thanks Federico. My hub and spokes are routers (Cisco), which means I have to add traffic to the interesting traffic ACLs and allow traffic through the firewall, isn't it?
Do I have to pay attention to routing of the traffic between spoke sites through the hub point?
Cheers
01-07-2011 07:08 AM
Correct.
Include the interesting traffic in the ACLs and routing should take care of it.
Are you using a routing protocol or static routes?
Federico.
01-07-2011 07:12 AM
Thanks Federico, I am using static routes
Cheers
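The crypto ACL change discussed in this thread, sketched for Cisco IOS routers using crypto maps, as an added example that is not part of the original posts. The ACL names and all subnets (Office A 10.1.0.0/24, Office B 10.2.0.0/24, datacenter 10.0.0.0/24) are constructed assumptions; existing crypto map, peer and transform-set configuration is assumed to be in place and is not shown.

```cisco
! ----- Office A router (spoke) -----
! Existing tunnel to the hub; add Office B as a second destination.
ip access-list extended VPN-A-TO-HUB
 permit ip 10.1.0.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
! With static routes, 10.2.0.0/24 must route out the interface that
! carries the crypto map (a default route via the WAN usually covers it).

! ----- Datacenter router (hub) -----
! Each hub ACL must mirror the spoke ACL on the other end of that tunnel.
ip access-list extended VPN-HUB-TO-A
 permit ip 10.0.0.0 0.0.0.255 10.1.0.0 0.0.0.255
 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
ip access-list extended VPN-HUB-TO-B
 permit ip 10.0.0.0 0.0.0.255 10.2.0.0 0.0.0.255
 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
! Traffic from A is decrypted at the hub, matches VPN-HUB-TO-B on the
! way back out of the same interface, and is re-encrypted toward B.

! ----- Office B router (spoke) -----
ip access-list extended VPN-B-TO-HUB
 permit ip 10.2.0.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255

! If only specific servers need to be reachable between the offices,
! replace the /24 entries for spoke-to-spoke traffic with host entries
! on all three routers, keeping each pair of ACLs mirrored, e.g.:
!  permit ip 10.1.0.0 0.0.0.255 host 10.2.0.10
```

The mirrored entries matter because IPsec negotiation between crypto-map peers fails for any flow where the two ends' interesting-traffic ACLs do not match. Any interface ACL or firewall policy at the hub also has to permit the spoke-to-spoke flows once they are decrypted.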