Hey there networking community. I've been tasked with redesigning our current DMZ layout.
Currently, the design is siloed. We have spokes terminating at dual hubs running HSRP which allows access to a topology of a technology demonstration for a specific industry such as enterprise or collaboration. If you need to access a different demonstration, you'll have to configure a different tunnel with a different hub where it'll terminate. After a topology is deployed, that demonstration may be used on the road for a few years. All you have to do is configure a tunnel on that spoke terminating into the hub of the demo you'd like to access.
Well, after a decade of using this design, it has become increasingly difficult to manage since we now have multiple pairs of DMVPN hubs throughout our DMZ (10+ pairs). Employee turnover has also made it difficult to access the previous employees' demo topology.
I'd like to design a dual DMVPN hub running HSRP where all the spokes terminate so that we have one central location of management. The part that I'm finding difficult is the routing between the spoke and the demos behind the hub. Since all spokes will terminate at this dual hub pair, running EIGRP and advertising every network will allow every demo to communicate with each other. This cannot happen since some of the subnetting conventions overlap.
Ideally, I'd like to have the spokes route directly into a specific demo by bringing up a tunnel. I am not sure how to accomplish this though. Any ideas would be appreciated! Thanks for your help Reddit!