![]() On hub router the IOS firewall sees the packets comming from theses spokes (behind NAT) with a source IP address which is the public IP address og the ISP router outside interface. They can only reach local LAN at Hub location and do spoke to spoke. Spokes behind NAT ISP router cannot reach the Internet through Hub location. Spokes NOT behind NAT ISP router (that is to say having the public IP address directly attached at their outside interface) can go to Internet via hub location and all packets are inspected correctly by the IOS firewall and Nat correctly All spokes can have access to local LAN at Hub location. On spokes I have used VRF to seperate DMVPN routning table from Global routning table so I could receive a default route from Hub 1 and Hub 2 to route traffic from spokes to Internet via Hub location ![]() Hub 1 and Hub 2 are configured with IOS Firewall. Hub 1 and Hub 2 are both connected to one ISP and are Internet Gateway for spokes. In case of hardware/Connection to Internet failure Hub 2 become active for DMVPN and Internet. Hub 1 and Hub 2 sends a default route to spokes via EIGRP. All the traffic from spokes has to go via the Hub location so no local internet traffic on spokes. ![]() The customer has some sites where routers are behind some ISP routers which are doing NAT. I have to test a Dual Hub - Dual DMVPN Layout for a customer before we configure it in real production. I really wish that you can help me with the issue I have. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |