Cisco Support Community

New Member

VPN between several sites.

Is it possible to have routing between the spoke-sites in a hub-and-spoke VPN, or do I need to set up a fully meshed VPN? I'm using IOS routers.

New Member

Re: VPN between several sites.

As long as the 'hub' router has access-lists that permit encryption between your multiple 'spoke' site IP subnets then it should work fine. I have a 2600 acting as a 'hub' and 4 remote VPN sites and it works fine.

With the hub-and-spoke VPN scenario, for traffic flows between 'spoke' sites, the 'hub' router will have to process each and every packet (decrypt, process through ACLs and then encrypt again; this can load the router quite significantly) as it enters and then leaves for another 'spoke' site. If you create a slightly more complex full-mesh scenario, then your 'hub' router will not need to process traffic flows between remote sites, as they are delivered directly. You have to make sure, though, that your crypto access-lists are accurate and you have the correct routes in place to reach all your sites.

Also, unless you have already implemented failover, your 'hub' is a single point of failure in a 'hub' and 'spoke' scenario.
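The crypto access-lists described in the reply above, as an added example that is not part of the original post: a hub and two spokes where each list is the exact mirror of the peer's list. All addresses, ACL names, the map name VPN and the interface are constructed for illustration; the ISAKMP policy, pre-shared keys and a transform set named TS are assumed to be configured already.

```cisco
! ===== HUB (outside 192.0.2.1, LAN 10.0.0.0/24) =====
! Each per-spoke ACL carries the hub LAN *and* the other spoke's LAN
! as source, so spoke-to-spoke traffic is re-encrypted toward its peer.
ip access-list extended TO-SPOKE-A
 permit ip 10.0.0.0 0.0.0.255 10.1.0.0 0.0.0.255
 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
ip access-list extended TO-SPOKE-B
 permit ip 10.0.0.0 0.0.0.255 10.2.0.0 0.0.0.255
 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
!
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS
 match address TO-SPOKE-A
crypto map VPN 20 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS
 match address TO-SPOKE-B
!
interface FastEthernet0/0
 crypto map VPN
!
! ===== SPOKE A (outside 198.51.100.1, LAN 10.1.0.0/24) =====
! Mirror of TO-SPOKE-A: the hub is the only peer, but the ACL also
! selects traffic for spoke B's LAN so it enters the tunnel to the hub.
ip access-list extended TO-HUB
 permit ip 10.1.0.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS
 match address TO-HUB
!
! ===== SPOKE B (outside 203.0.113.1, LAN 10.2.0.0/24) =====
! Mirror of TO-SPOKE-B.
ip access-list extended TO-HUB
 permit ip 10.2.0.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS
 match address TO-HUB
```

If a line on one side has no mirrored line on the peer, that flow will not negotiate a security association, which is the usual cause of "hub works, spoke-to-spoke does not".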
