Configure Policy Based Hub and Spoke Virtual Private Network (VPN)
| Knowledge Base ID: | KB3927 |
| Version: | 4.0 |
| Published: | 07 Oct 2008 |
| Updated: | 07 Oct 2008 |
| Categories: |
 Firewall/IPSec_VPN ScreenOS |
Configure Policy Based Hub and Spoke Virtual Private Network (VPN)
Problem:
Environment:
Solution:- Using custom zones on the firewall
- Using policy based VPN
- Traffic from spoke network cannot reach the other spoke network via the hub firewall
Policy Based Hub and Spoke VPN are not supported when using custom zones.
Hub and Spoke is only supported if the default Trust and Untrust zones are used.
However, Route Based Hub and Spoke VPN is supported for all zones. For more information, see KB3418 - How do I Configure a Hub and Spoke Route Based VPN.
Purpose:Hub and Spoke is only supported if the default Trust and Untrust zones are used.
However, Route Based Hub and Spoke VPN is supported for all zones. For more information, see KB3418 - How do I Configure a Hub and Spoke Route Based VPN.
Troubleshooting
