Hi,

Implementing a multipoint-to-point (hub-and-spoke) VPN was tough on me. It had more to do with my inexperience with proper policies and with oversights; thanks to many hours of troubleshooting, I should now be able to set it up without any errors.

Topology


Requirement: R1 will be the hub VPN site, and R2 and R3 will be the spoke routers.

The diagram below is a rough view.

Attachment-1

Verifying the connectivity between the spokes and the hub

2_hub_reachability_spoke_check

3_hub_ike_allow_check

Configuring the st0 interface as multipoint on the hub router; this is not required on the spokes

4_st_interface_config

Defining the IKE peers and the IPsec configuration. Notice the two different VPN sections for the two spokes

6_defining_respective_ipsec

5_defining_respective_ike_for_peers

Attachment-1

7_defining_st0_zone

8_vpn_zone_policy

8_verifing_ipsec
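The hub-side steps above, gathered into one Junos `set` listing. This is an added example, not the author's configuration from the screenshots; the interface names (ge-0/0/0.0, ge-0/0/1.0), zone names, policy and gateway names, addresses and pre-shared-key placeholders are all assumptions.

```junos
# Hub (R1), constructed example. Assumed: ge-0/0/0.0 faces the spokes (zone untrust),
# ge-0/0/1.0 faces the LAN (zone trust); all addresses are documentation placeholders.

# st0.0 is multipoint on the hub only; both spoke tunnels bind to this one unit
set interfaces st0 unit 0 multipoint
set interfaces st0 unit 0 family inet address 10.255.0.1/24

# One IKE policy and gateway per spoke, so each spoke has its own pre-shared key
set security ike policy IKE-POL-R2 mode main
set security ike policy IKE-POL-R2 proposal-set standard
set security ike policy IKE-POL-R2 pre-shared-key ascii-text "<PSK-FOR-R2>"
set security ike gateway GW-R2 ike-policy IKE-POL-R2
set security ike gateway GW-R2 address 192.0.2.2
set security ike gateway GW-R2 external-interface ge-0/0/0.0
set security ike policy IKE-POL-R3 mode main
set security ike policy IKE-POL-R3 proposal-set standard
set security ike policy IKE-POL-R3 pre-shared-key ascii-text "<PSK-FOR-R3>"
set security ike gateway GW-R3 ike-policy IKE-POL-R3
set security ike gateway GW-R3 address 192.0.2.3
set security ike gateway GW-R3 external-interface ge-0/0/0.0

# Two VPN sections, one per spoke, both bound to st0.0
set security ipsec policy IPSEC-POL proposal-set standard
set security ipsec vpn VPN-R2 bind-interface st0.0
set security ipsec vpn VPN-R2 ike gateway GW-R2
set security ipsec vpn VPN-R2 ike ipsec-policy IPSEC-POL
set security ipsec vpn VPN-R2 establish-tunnels immediately
set security ipsec vpn VPN-R3 bind-interface st0.0
set security ipsec vpn VPN-R3 ike gateway GW-R3
set security ipsec vpn VPN-R3 ike ipsec-policy IPSEC-POL
set security ipsec vpn VPN-R3 establish-tunnels immediately

# Allow only IKE to reach the hub itself on the outside interface
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ike
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone vpn interfaces st0.0

# Zone policies in both directions; "any" is used for brevity,
# narrow it to address-book entries for the LAN prefixes in production
set security policies from-zone trust to-zone vpn policy trust-to-vpn match source-address any destination-address any application any
set security policies from-zone trust to-zone vpn policy trust-to-vpn then permit
set security policies from-zone vpn to-zone trust policy vpn-to-trust match source-address any destination-address any application any
set security policies from-zone vpn to-zone trust policy vpn-to-trust then permit

# After commit, check from operational mode:
#   show security ike security-associations
#   show security ipsec security-associations
```

Each spoke mirrors this with a single gateway and VPN pointing at the hub, and a point-to-point st0.0 without the `multipoint` statement.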

The next post will be on configuring OSPF and BGP over this hub-and-spoke VPN.

Regards

Rakesh M
