Solved: Re: Hub and Spoke VPN network traffic between two spoke points

asoka · ‎01-07-2011

Hi, I have a hub and spoke VPN network, and all traffic is from remote office to datacenter,

I have a request to build a tunnel between two remote offices to be able to access some servers between two remote offices,

Can I just change the interesting traffic ACLs at to include let say office A to office B within gthe Office A to Datacenter tunnel and Office B to Datacenter tunnel.

By doing this, can I avoide building tunnel between two offices (And B)

Cheers

Federico Coto Fajardo · ‎01-07-2011

Hi,

You can make the traffic between the two spokes go to thru the hub or build a new tunnel between spokes.

If the Hub is an ASA you need to allow same-security-traffic permit intra-interface

If the hub and spokes are routers you can also use DMVPN to dynamically establish a tunnel between spokes when needed.

Federico.

View solution in original post

Federico Coto Fajardo · ‎01-07-2011

Hi,

You can make the traffic between the two spokes go to thru the hub or build a new tunnel between spokes.

If the Hub is an ASA you need to allow same-security-traffic permit intra-interface

If the hub and spokes are routers you can also use DMVPN to dynamically establish a tunnel between spokes when needed.

Federico.

asoka · ‎01-07-2011

Thanks Federico, My hub and spokes are routers(cisco), means I have to add traffic to interesting traffic ACLs and allow fraffic thr firewall isnt it.

Do I have to pay attension to routing of the traffic between spoke sites through hub point.

Cheers

Federico Coto Fajardo · ‎01-07-2011

Correct.

Include the interesting traffic in the ACLs and routing should take care of it.

Are you using a routing protocol or static routes?

Federico.

asoka · ‎01-07-2011

Thanks Federico, I am using static routes

Cheers