Cisco Support Community

New Member

Hub and Spoke VPN Network

I'm designing a hub and spoke VPN network. I have a headquarters with a PIX 515 and 5 remote offices with 1720s running IPSec and IOS firewall. My question is: can Remote 1 talk to Remote 2, 3, 4, and 5 by going through its tunnel to the PIX, or does Remote 1 need to have a direct tunnel to Remote 2, 3, etc.? I realize that the PIX for the most part does not route, but can the remote networks talk to each other through the PIX? Any ideas or reference to configs would be very much appreciated. Thanks in advance.

5 REPLIES
New Member

Re: Hub and Spoke VPN Network

You need to have direct tunnels between each site. Refer to http://www.cisco.com/warp/public/707/ios_hub-spoke.html

The easiest way to fully mesh IOS devices is to use Tunnel Endpoint Discovery (TED) - see http://www.cisco.com/warp/public/707/tedpreshare.html as this minimises the amount of configuration needed.

I'm not sure if the PIX supports TED, so you may need to define a normal crypto map to get to the traffic behind the PIX, and then use dynamic crypto maps with the discovery keywords for all your remote sites.

New Member

Re: Hub and Spoke VPN Network

He is right about the solution. The only problem with Tunnel Endpoint Discovery is that it doesn't work with NAT. You have to have a legal IP on each desktop, since TED uses the destination IP address to discover the tunnel endpoint.

Sam Munzani

CCIE # 6479

New Member

Re: Hub and Spoke VPN Network

The PIX acting as the hub will not route traffic between spokes. All spokes will require their own tunnels configured to allow communications to a peer spoke.

New Member

Re: Hub and Spoke VPN Network

New Member

Re: Hub and Spoke VPN Network

Hi,

A one-to-one tunnel is required to establish the VPN between remote routers. It's like meshed tunnels.

Thanks & Regards,

Selva
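The replies above agree that every site needs its own tunnel to every other site. As an added example (not posted by anyone in the thread), this Python sketch generates the static IOS crypto-map entries one 1720 spoke would carry in a full mesh, which shows the per-peer configuration that TED is meant to reduce. The peer addresses, LAN subnets, map name `MESH` and transform-set name `TS` are constructed placeholders; the ISAKMP policy, pre-shared keys, transform-set definition and the PIX-side configuration are assumed to exist and are not generated.

```python
import ipaddress

# Constructed inventory (not from the thread): site -> (public peer IP, LAN subnet).
SITES = {
    "hq":      ("192.0.2.1",  "10.0.0.0/24"),   # PIX 515 at headquarters
    "remote1": ("192.0.2.11", "10.1.0.0/24"),
    "remote2": ("192.0.2.12", "10.2.0.0/24"),
    "remote3": ("192.0.2.13", "10.3.0.0/24"),
    "remote4": ("192.0.2.14", "10.4.0.0/24"),
    "remote5": ("192.0.2.15", "10.5.0.0/24"),
}

def tunnel_count(sites=SITES):
    """Number of point-to-point tunnels in a full mesh of n sites: n(n-1)/2."""
    n = len(sites)
    return n * (n - 1) // 2

def mesh_config(site, sites=SITES, map_name="MESH", ts_name="TS"):
    """Return static IOS crypto-map lines for `site` toward every other site.

    map_name and ts_name are hypothetical names; the transform set must be
    defined separately on the router.
    """
    src = ipaddress.ip_network(sites[site][1])
    lines = []
    others = [name for name in sorted(sites) if name != site]
    for n, name in enumerate(others, start=1):
        peer_ip, peer_lan = sites[name]
        dst = ipaddress.ip_network(peer_lan)
        acl = 100 + n  # one extended ACL per peer selects the traffic to encrypt
        lines += [
            f"! tunnel {site} -> {name}",
            # IOS ACLs use wildcard (inverted) masks, hence hostmask.
            f"access-list {acl} permit ip {src.network_address} {src.hostmask} "
            f"{dst.network_address} {dst.hostmask}",
            f"crypto map {map_name} {n * 10} ipsec-isakmp",
            f" set peer {peer_ip}",
            f" set transform-set {ts_name}",
            f" match address {acl}",
        ]
    return lines

if __name__ == "__main__":
    print(f"! full mesh of {len(SITES)} sites = {tunnel_count()} tunnels")
    print("\n".join(mesh_config("remote1")))
```

Each spoke carries one ACL and one crypto-map entry per peer, so adding a seventh site means touching the configuration of all six existing devices.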
