Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

hub to spoke network


 please guide me .how i can make my internal lap ip address (ex.10.1.x.x) acessiable to spoke location ip address range 10.240.x.x in hub spoke network topology . since 10.1.x.x is hub location lan address. currently i'm able to ping from spoke router to my hub router lan ip address where as from my hub router,i can reaches to my internal lan as well as spoke router.. when i traceroute from spoke router .i find .i am able to reach upto hub router only .after that i die. plz suggest me .what should i do. ? thanks in advance.

Hall of Fame Super Blue

How does the routing

How does the routing currently work for the spokes ?

Are you advertising a default route to the spokes ?

From a spoke router when you do a traceroute to the 10.1.x.x IP how far does it get ?

Is there a firewall at the hub site that traffic has to go through ?


New Member

in short i would like to say

in short i would like to say that . from spoke router ,i am able to ping hub lan ip .then after there is firwall inside where  our lan is working. my firewall is unreachable from spoke router . form my syamatic server (inside my lan ) i am able to ping spoke router lan ip .  

New Member

 I am working in a HeadOffice

 I am working in a HeadOffice  of an organisation. having HUB-SPOKE network topology having several branches in remote area. MPLS VPN Link is given by the ISP. . i have put on symatice server inside the organisation having different lan ip address . series is 10.1.x.x  (my lan ip series)where as on HUB (headoffice vpn router)lan ip address is 10.240.x.x and remote branches  address is 10.240.y.y   . i'm able to ping the branches ip address and also symantic server ip address 10.1.x.x from hub router. but i'm unable to ping form branches router.  when i trace it .it come to my hub router lan after that it die. there is firewall after that having ip address 10.240.x.(x+1) and lan ip address is 10.1.x.x .  please guide me .how i can make my symantic server able to ping from branches.since my symentic server is pinging to hub lan ip address and spoke lan ip also by pass the firewall.Plz reply .thankx in advance. if there is issue in firwall than reply me what i should do on my 10.1.x.x is passing it. i'm need ur help to over come this issue. thanx.

i am sure the problem in your

i am sure the problem in your firewall, because you can ping from server to branches but they cannot , it is the default firewall behavior, from lower security level to high not allowed but higher to low is allowed.

see the diagram, is it , or any modification 

if possible then post the hub router and firewall config




New Member

firewall is fortigate600c .

firewall is fortigate600c . if i ping form my spoke router using command to my server gateway by typing "ping 10.1.x.x  -i 10.240.x.x " that is successfull. 10.240.x.x is my branches ip address.

plz guide me ..

CreatePlease to create content