I am trying to create a hub-and-spoke VPN. I realize route-based VPNs would be easier; however, the vendor for spoke A will not return my messages. Therefore, I need to move ahead with a policy-based hub and spoke. I only need 2 spokes (B and C) to go out spoke A. This thread will just talk about spoke A and B. Vendor for spoke A also set up the VPN on the 5XT hub.
I have not found any documents on setting up the policy-based hub and spoke. I have created a single policy to go from untrust to untrust but it does not appear to work. No log entries are generated. Intra-zone block is off for the untrust zone. Using a 5XT on the Hub and spoke B. Spoke A is an unknown.
I almost think I need a separate VPN for traffic that will go from Spoke B to Spoke A. That way I can identify which traffic needs to travel from Spoke B to Spoke A.
Am I correct? Can anyone discuss this or help me?
Thank you,
Steven