10-28-2008 12:20 AM
We have a Cisco 851 as Easy VPN Server and two Cisco 851 Easy Remote. VPN works between Easy VPN Remote and Easy VPN Server. Is it possible this configuration to work as hub-spoke? Can user behind one 851 Easy VPN Remote "speak" (ping etc..) to another 851 Easy VPN Remote through Easy VPN Server?
11-03-2008 02:27 PM
Yes, you can configure to work a hub-spoke. In a hub-and-spoke VPN topology, multiple remote devices (spokes) communicate securely with a central device (hub). A separate, secured tunnel extends between the hub and each individual spoke.
11-05-2008 09:42 AM
If you need "remote" to "remote" communication, you have 2 choice.
1. Enable EZVPN with VTI. (Support in 12.4T) It allows dynamic routing (because VTI support GRE and Multicast) between each remote site. However, all communication between "spokes" is over "hub "routers.
2. Enable DMVPN, remote routers will dynamically issue Nhrp request to hub routers to resolve another remote site WAN IP address for IPSEC tunnel establishment. All payload traffic communication between "spokes" are directly run between "spokes". It reduce overhead on hub routers.
In generally, I prepare you choose "DMVPN" unless security reason.
Please rate if helpful.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide