[Archive] When can we configure Policy Based Hub and Spoke Virtual Private Network (VPN)

  [KB3927]


Summary:
When can we configure a Policy Based Hub and Spoke Virtual Private Network (VPN)?
Symptoms:
Environment:
  • Using custom zones on the firewall
  • Using policy based VPN
Symptoms & Errors:
  • Traffic from spoke network cannot reach the other spoke network via the hub firewall
Cause:

Solution:
Policy Based Hub and Spoke VPN is not supported when using custom zones.

It also cannot be used if the source and destination zones are the same, because an intra-zone policy cannot have tunnel as its action.

Hub and Spoke is only supported if the default Trust and Untrust zones are used.

For the steps to configure a policy based hub and spoke VPN, refer to KB27419 - Configuring policy based Hub and Spoke VPN.

However, Route Based Hub and Spoke VPN is supported for all zones. For more information, see KB3418 - How do I Configure a Hub and Spoke Route Based VPN.