VPN Easy Server and Easy Remote

Unanswered Question
Oct 28th, 2008

We have a Cisco 851 as Easy VPN Server and two Cisco 851 Easy Remote. VPN works between Easy VPN Remote and Easy VPN Server. Is it possible this configuration to work as hub-spoke? Can user behind one 851 Easy VPN Remote "speak" (ping etc..) to another 851 Easy VPN Remote through Easy VPN Server?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
aghaznavi Mon, 11/03/2008 - 14:27

Yes, you can configure to work a hub-spoke. In a hub-and-spoke VPN topology, multiple remote devices (spokes) communicate securely with a central device (hub). A separate, secured tunnel extends between the hub and each individual spoke.

leon.mflai Wed, 11/05/2008 - 09:42

If you need "remote" to "remote" communication, you have 2 choice.

1. Enable EZVPN with VTI. (Support in 12.4T) It allows dynamic routing (because VTI support GRE and Multicast) between each remote site. However, all communication between "spokes" is over "hub "routers.

2. Enable DMVPN, remote routers will dynamically issue Nhrp request to hub routers to resolve another remote site WAN IP address for IPSEC tunnel establishment. All payload traffic communication between "spokes" are directly run between "spokes". It reduce overhead on hub routers.

In generally, I prepare you choose "DMVPN" unless security reason.

Please rate if helpful.

Actions

This Discussion