Initiate all interesting traffic of the vpn

Mattthew Haworth · ‎08-25-2013

I have a multiisite hub and spoke VPN network. Is there any way to configure the end points to initiate the tunneling for the multiple subnets they are carrying, without traffic being geneterated to each subnet. IE. site a is 1.1.1.1 site b is 2.2.2.2, and so on, hq is 10.10.10.10. Each site routes to each other site through the main vpn tunnel to hq, but, they cannot talk to each other, unless each site tries talking to the others as well, IE if A pings 2.2.2.2 it will not respond until B pings 2.2.2.2, and then they talk fine. Any help or ideas?

Julio Carvajal · ‎08-25-2013

Hello Matthew,

What kind of VPN are you using?

Based on the description you provide us it looks like a particular site has a Dynamic IP address so the other host does not know who the peer is, so until the peer inittiates the VPN it will then know who it is,

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Mattthew Haworth · ‎08-25-2013

The vpns are site to site, each of the spokes connect directly to the hub. Each spoke is a dynamic ip with the hub being static. each spoke only has one vpn peer and that is the hub, and the "main" subnet at the hub is tunneled immediately when the settings are applied in the VPN, but the hub has itself 3 subnets. I have to initiate traffic from the spoke to the other subnets to get them to tunnel. which is in line with having to initiate traffic from spoke to spoke across hub, except in that case, not until the other spoke initiates traffic back, does the routing and traffic flow.

I can provide diagrams and configs if needed, to assist.