VPN between several sites.

pemelin
Level 1

Is it possible to have routing between the spoke-sites in a hub-and-spoke VPN, or do I need to set up a fully meshed VPN? I'm using IOS routers.

1 Reply

nohare
Level 1

As long as the 'hub' router has access-lists that permit encryption between your multiple 'spoke' site IP subnets then it should work fine. I have a 2600 acting as a 'hub' and 4 remote VPN sites and it works fine.

With the Hub and Spoke VPN scenario, for traffic flows between 'spoke' sites, the 'hub' router will have to process each and every packet (decrypt, process through ACLs and then encrypt again; this can load the router quite significantly) as it enters and then leaves for another 'spoke' site. If you create a slightly more complex full-mesh scenario, then your 'hub' router will not need to process traffic flows between remote sites as they are delivered directly. You have to make sure though that your crypto access-lists are accurate and you have the correct routes in place to reach all your sites.

Also, unless you have already implemented failover, your 'hub' is a single point of failure in a 'hub' and 'spoke' scenario.

nathan.ohare@dsnuk.com
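
Added example, not part of the thread: a small Python check for the crypto access-list accuracy the reply asks for, flagging any hub or spoke entry that has no mirror-image entry on the other peer (the usual way a spoke-to-spoke flow through the hub silently fails to encrypt). The subnets, site names and the `parse` / `mirror_mismatches` helpers are assumptions made for illustration, and only `permit ip <net> <wildcard> <net> <wildcard>` entries are handled.

```python
import ipaddress
import re

# Constructed sample crypto ACL entries (addresses are illustrative only).
# Hub LAN 10.0.0.0/24, spoke A 10.1.1.0/24, spoke B 10.1.2.0/24.
HUB_ACLS = {  # hub's crypto ACL per spoke peer
    "spokeA": """permit ip 10.0.0.0 0.0.0.255 10.1.1.0 0.0.0.255
                 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255""",
    # Deliberately missing the spoke A -> spoke B entry:
    "spokeB": """permit ip 10.0.0.0 0.0.0.255 10.1.2.0 0.0.0.255""",
}
SPOKE_ACLS = {  # each spoke's crypto ACL toward the hub
    "spokeA": """permit ip 10.1.1.0 0.0.0.255 10.0.0.0 0.0.0.255
                 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255""",
    "spokeB": """permit ip 10.1.2.0 0.0.0.255 10.0.0.0 0.0.0.255
                 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255""",
}

ENTRY = re.compile(r"permit ip (\S+) (\S+) (\S+) (\S+)")


def parse(acl_text):
    """Return the set of (source, destination) networks in a crypto ACL."""
    return {
        # ipaddress accepts the IOS wildcard (host mask) form after the slash
        (ipaddress.ip_network(f"{src}/{swild}"),
         ipaddress.ip_network(f"{dst}/{dwild}"))
        for src, swild, dst, dwild in ENTRY.findall(acl_text)
    }


def mirror_mismatches(hub_acls, spoke_acls):
    """List entries that have no mirror-image entry on the other peer."""
    problems = []
    for spoke in sorted(spoke_acls):
        hub = parse(hub_acls.get(spoke, ""))
        mirrored = {(dst, src) for src, dst in parse(spoke_acls[spoke])}
        for src, dst in sorted(mirrored - hub):
            problems.append(f"hub ACL for {spoke} lacks: permit ip {src} {dst}")
        for src, dst in sorted(hub - mirrored):
            problems.append(f"{spoke} ACL lacks: permit ip {dst} {src}")
    return problems


if __name__ == "__main__":
    for line in mirror_mismatches(HUB_ACLS, SPOKE_ACLS):
        print(line)
```

With the sample data, the hub's list for spoke B covers only the hub LAN, so traffic from spoke A arriving at the hub would not be re-encrypted toward spoke B; the check reports that one missing entry.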