hub-and-spoke VPN

In a hub-and-spoke topology, all hubs can set up an IPsec VPN tunnel to a spoke. When a station from one hub wants to visit a station from another hub, do I only need to change the ACL to implement it?

For example:

hub, spokenA and spokenB start to set up a VPN tunnel when traffic matches the ACL below:

spokenA:

access-list 101 permit ip <spokenA subnet> <hub subnet>

access-list 101 permit ip <spokenA subnet> <hub subnet>

hub:

access-list 101 permit ip <hub subnet> <spokenA subnet>

access-list 101 permit ip <hub subnet> <spokenB subnet>

access-list 101 permit ip <spokenA subnet> <spokenB subnet>

access-list 101 permit ip <spokenB subnet> <spokenA subnet>

spokenB:

access-list 101 permit ip <spokenB subnet> <hub subnet>

access-list 101 permit ip <spokenB subnet> <hub subnet>

1 REPLY
New Member

Re: hub-and-spoke VPN

Hello,

What platform and version are you using?

Your configuration above would not work so well, as you're not defining at each spoke access to the other spoke.

Update the ACLs on the spokes to include:

spoke A

access-list 101 permit ip

Spoke B

access-list 101 permit ip

This is very dependent on platform and version. I.e. a PIX 515 running software version 6 will not work.

Tim
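
Added example, not part of the thread: IPsec crypto ACLs have to be mirror images on the two peers of a tunnel, so this checks the posted layout for hub entries that have no mirrored entry on a spoke. The 10.x subnets are constructed sample values, and the spoke-to-spoke line in `SPOKE_A_FIXED` is an assumption about what the elided reply lines contained.

```python
import ipaddress

def parse_acl(text):
    """Return the set of (src, dst) networks from 'access-list N permit ip' lines."""
    pairs = set()
    for line in text.strip().splitlines():
        f = line.split()
        if len(f) != 8 or f[0] != "access-list" or f[2:4] != ["permit", "ip"]:
            raise ValueError(f"unsupported ACL line: {line!r}")
        # ipaddress accepts a wildcard (host) mask after the slash
        src = ipaddress.ip_network(f"{f[4]}/{f[5]}")
        dst = ipaddress.ip_network(f"{f[6]}/{f[7]}")
        pairs.add((src, dst))
    return pairs

def missing_mirrors(hub_acl, spoke_acl, spoke_net):
    """Compare one hub<->spoke tunnel; return (missing on spoke, missing on hub)."""
    net = ipaddress.ip_network(spoke_net)
    # Only hub entries whose destination is this spoke belong to this tunnel.
    hub = {(s, d) for s, d in parse_acl(hub_acl) if d == net}
    spoke = parse_acl(spoke_acl)
    need_on_spoke = {(d, s) for s, d in hub} - spoke
    need_on_hub = {(d, s) for s, d in spoke} - hub
    fmt = lambda pairs: sorted(f"{s} -> {d}" for s, d in pairs)
    return fmt(need_on_spoke), fmt(need_on_hub)

# Constructed addressing: hub 10.0.0.0/24, spoke A 10.1.0.0/24, spoke B 10.2.0.0/24
HUB_ACL = """
access-list 101 permit ip 10.0.0.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 101 permit ip 10.0.0.0 0.0.0.255 10.2.0.0 0.0.0.255
access-list 101 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
access-list 101 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
"""
# Spoke A as posted in the question: only spoke A -> hub is defined.
SPOKE_A_POSTED = "access-list 101 permit ip 10.1.0.0 0.0.0.255 10.0.0.0 0.0.0.255"
# Assumed fix: add the spoke A -> spoke B entry on spoke A.
SPOKE_A_FIXED = (SPOKE_A_POSTED +
                 "\naccess-list 101 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255")

if __name__ == "__main__":
    print("posted:", missing_mirrors(HUB_ACL, SPOKE_A_POSTED, "10.1.0.0/24"))
    print("fixed: ", missing_mirrors(HUB_ACL, SPOKE_A_FIXED, "10.1.0.0/24"))
```

The same call with spoke B's ACL and `10.2.0.0/24` checks the other tunnel.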
