Am 17.03.2016 um 15:46 schrieb Mohammad Khalil: > Dears > I have 100 branch and 1 HQ for a customer > The proposed MPLS L3VPN > What am seeking is to control spoke to spoke communication > i.e. no communication for the spoke except with the hub , even if I wanted > the spoke to communicate with another spoke it should be through the hub site > I have one VRF configured
As already suggested by others, create an additional VRF to distinguish between upstream and downstream traffic and use the "Half Duplex VRF" feature. We've done this with ~150 branches to route all traffic among the spokes through a ASA firewall connected to the hub in the data centre. Maybe there could also exist a solution with DMVPN. But because HD VRF was much easier to implement in our environment I haven't follow any approach in this regard. -- Gerald _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
