Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Hub and spoke design for router to router VPN circuits

Can my hub router have two different pre-shared keys to support each spoke router, or does the hub router and two spoke routers need to use the same pre-shared key. An example is as follows:

Hub router crypto isakmp key xxxx123 address 10.10.10.10

crypto isakmp key 123xxxx address 20.20.20.20

Spoke router 1 crypto isakmp key xxxx123 address 11.11.11.11

Spoke router 2 crypto isakmp key 123xxxx address 21.21.21.21

or

Hub router crypto isakmp key xxxx123 address 10.10.10.10

crypto isakmp key xxxx123 address 20.20.20.20

Spoke router 1 crypto isakmp key xxxx123 address 11.11.11.11

Spoke router 2 crypto isakmp key xxxx123 address 21.21.21.21

Does anyone have any thoughts on this scenerio

2 REPLIES
New Member

Re: Hub and spoke design for router to router VPN circuits

Good question. I had the same thought. Your first scenario will work and is best. SInce each pre-shared key is tied to an IP address, for security sake, it is always best to use a unique key between each hub and spoke. I am currently running three spokes from my hub with three different pre-shared keys. It works fine.

HTH

RJ

New Member

Re: Hub and spoke design for router to router VPN circuits

Thanks for your feed back RJ. It will help in deploying this solution in a hub and spoke design

310
Views
0
Helpful
2
Replies