Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN hub and spoke with communication between spokes

I know the limitations of PIX in doing this, I would rather not use a router to do this. Does anyone know if the VPN Concentrator would work in this setup. ie VPN remote sites connect into a centralised hub VPN Concentrator. Remote sites can then communicate with each other. I am looking at deploying IP Telephony over VPNs but need end stations to communicate with each other as well as the main site.

  • Other Security Subjects
2 REPLIES
New Member

Re: VPN hub and spoke with communication between spokes

Good old CCO found the answer it can be done using what is known as Reverse Route Injection (RRI) on the VPN Concentrator. Right better get it running then.

New Member

Re: VPN hub and spoke with communication between spokes

Be Careful!

I spent many hours debugging this. We do what you are trying to implement. The problem is the VPN concentrator will NOT communicate between spokes. However, it will spit the packets out the inside interface. Using a router behind the concentrator as the default next hop address, I turned off ICMP redirects on the router interface. This allows the packets to come out of the 3030 to the router, turn around and be sent back to the 3030. Kluge? yes! Now that TAC support has moved to Mexico, I can't even get the TAC guy to understand the problem. I gave up. A Cisco SE in Houston gave me this workaround and his sympathy. Good Luck!

157
Views
0
Helpful
2
Replies