×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

VPN Easy Server and Easy Remote

Unanswered Question
Oct 28th, 2008
User Badges:

We have a Cisco 851 as Easy VPN Server and two Cisco 851 Easy Remote. VPN works between Easy VPN Remote and Easy VPN Server. Is it possible this configuration to work as hub-spoke? Can user behind one 851 Easy VPN Remote "speak" (ping etc..) to another 851 Easy VPN Remote through Easy VPN Server?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
aghaznavi Mon, 11/03/2008 - 14:27
User Badges:
  • Silver, 250 points or more

Yes, you can configure to work a hub-spoke. In a hub-and-spoke VPN topology, multiple remote devices (spokes) communicate securely with a central device (hub). A separate, secured tunnel extends between the hub and each individual spoke.


leon.mflai Wed, 11/05/2008 - 09:42
User Badges:

If you need "remote" to "remote" communication, you have 2 choice.


1. Enable EZVPN with VTI. (Support in 12.4T) It allows dynamic routing (because VTI support GRE and Multicast) between each remote site. However, all communication between "spokes" is over "hub "routers.


2. Enable DMVPN, remote routers will dynamically issue Nhrp request to hub routers to resolve another remote site WAN IP address for IPSEC tunnel establishment. All payload traffic communication between "spokes" are directly run between "spokes". It reduce overhead on hub routers.


In generally, I prepare you choose "DMVPN" unless security reason.


Please rate if helpful.

Actions

This Discussion