
Hub And Spoke VPN


  • Hub And Spoke VPN

    Hello guys,

    I am really stuck here.

    First of all, I am new to Cisco devices; I am going on a course on the 16th this week (ICND).

    We have a customer that has a situation that cannot wait till after the course, so maybe one of you could help me.

    Please see the attachment.

    What I (and the customer) want is a Hub And Spoke VPN.

    The firewall is a NetASQ firewall and this one is set up correctly. I'm sure of that because I am certified 3 times for this firewall and have several Hub And Spoke installations running, but with different routers.

    When the customer at goes to the internet I would like to first pass the firewall and then the internet. This way it is easy to manage and only the firewall has to be configured.

    So it's like the remote network in the VPN must be:

    It also must be that the outside interface must be reachable for management in case of troubleshooting.

    The Cisco 878 is an SDSL router and has NAT enabled.

    Now I have a VPN set up, but it's from network to network.
    Last edited by danny230681; 6th October 2006, 10:18.

  • #2
    Re: Hub And Spoke VPN

    Hi Danny

    So I understand that you don't want to do a split tunnel. You want the remote VPN router to connect to the HQ firewall and then, if needed, access the Internet.

    You are correct that the remote VPN device must have a default gateway to point to the HQ firewall (the route).

    So, what is the issue you are having? Are you saying that the VPN comes up between the two sites and you can ping from 10.x.x.x network to 10.x.x.x network but you cannot communicate to the Internet?

    Thanks for the post!

    David Davis - Petri Forums Moderator & Video Training Author
    Train Signal - The Global Leader in IT Video Training - Free IT Training Products


    • #3
      Re: Hub And Spoke VPN

      OK, I think I have figured it out.

      I have turned off NAT.

      And created a tunnel with the remote network:
      The firewall on the HQ does NAT for this network.

      If I am correct, this will always put all traffic through the tunnel, won't it?

      I am not able to test it yet.

      Please do not close this topic, as I will reply to it if I manage to test it.


      • #4
        Re: Hub And Spoke VPN


        Sweet, it works.

        It sends everything over the tunnel now.