ScreenOS Firewalls (NOT SRX)
Highlighted
ScreenOS Firewalls (NOT SRX)

VPN Hub and Spoke

06.12.12   |  
‎06-12-2012 03:49 AM

Dear All.

 

I have some problem with VPN Hub and spoke.

I have configure VPN hub and spoke, and traffic from spoke to hub has no problem

but the traffic from Hub to Spoke cannot pass through.  the policy already any to any and routing from hub to spoke already using interface tunnel.

 

is there any configuration that I missed..

 

Thanks before.

 

Roy

 

5 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: VPN Hub and Spoke

06.12.12   |  
‎06-12-2012 12:55 PM

Check you spoke policies, also try pinging out to the spoke with your trusted interface as the source.

ScreenOS Firewalls (NOT SRX)

Re: VPN Hub and Spoke

06.12.12   |  
‎06-12-2012 07:00 PM

The spoke has no policy it just modem + router, the strange is when i try to ping from the client behind the Hub with the destination is client behind the spoke, i dont see any traffic goes out, if I check log from policy in the Hub.

 

meanwhile, the zone for the tunnel in the zone i choose for the policy for this traffic, and the routing for the client behind the spoke already set into the tunnel interface....any clue ??

ScreenOS Firewalls (NOT SRX)

Re: VPN Hub and Spoke

06.13.12   |  
‎06-13-2012 01:40 AM

Hi,

 

Can you share the configuration on both sides?

A debug can be tried on the HUB side to confirm if it is routing the packets as desired.

 

Thanks.

Hardeep

ScreenOS Firewalls (NOT SRX)
Solution
Accepted by topic author Mangapuly
‎08-26-2015 01:27 AM

Re: VPN Hub and Spoke

06.13.12   |  
‎06-13-2012 06:43 AM

If you are not seeing any traffic in the policy log then that is probably where the issue is.

 

Have you got the "from" and "to" zones correct? If you have created a seperate zone then this could be the issue.

ScreenOS Firewalls (NOT SRX)

Re: VPN Hub and Spoke

06.14.12   |  
‎06-14-2012 12:23 AM

Hi,

 

Are the tunnel routes active (marked with *) when you display them with get route?

 

Kind regards,
Edouard