VPN3000 - VPN3002 Hub and Spoke

engel · ‎09-04-2002

Dear All,

Does it possible for the following scenario ?

Branch1---VPN3002 ---Internet---VPN3060---Internet---VPN3002---Branch2

Requirement 1: VPN3002 at Branch1 creates a tunnel to VPN3060

Requirement 2: VPN3002 at Branch2 creates a tunnel to VPN3060

Requirement 3: VPN3002 at Branch 1 connects to Branch 2 through VPN3060

Requirement 1 & 2 is possible but how is the possibility of requirement 3 ?

Appreciate for any help

awaheed · ‎09-05-2002

Hi,

You should be able to define the Network list on the 3060 to be sent down to the Branch 1 3002, which will include the Network for the Branch 2 aswell.

So in this way Branch 1 will send the information through the tunnel to the Corporate for Branch 2 aswell, and do the vice versa for the Split tunnel list for Branch 2 group.

Hope this helps,

Regards,

Aamir

-=-

engel · ‎09-05-2002

Thanks Aamir,

Base on your suggestion, please kindly assist for the following questions:

1. Does VPN3060 re-route the packet with a destination address to Branch2 from Branch 1? How VPN3000 recognizes that the packet is not belongs to the network it is responsible for ?

2. If the VPN3000 learns the routes from both of branches through RRI (VPN3002 with Network Extension Mode) , does it still need to define the network list to be sent to both branches ?

3. Another option other than using VPN3002 at branches is using PIX (501 or 506). Does hub&spoke solution also possible with PIX at spoke and VPN3000 at hub , connection between spokes are through hub.

Really appreciate for your help.

Best Regards,

Engel