Hi all
I'm currently designing a deployment with FlexVPN.
For reference I'm using a lot of iWAN documents as they're more comprehensive than anything about FlexVPN, and the differences between FlexVPN and DMVPN don't mean much for topology anyway.
I've seen quite a few designs with this kind of setup for the hub routers in the hub site (in my case it is the corporate head office):
https://i.imgur.com/cBCghgJ.jpg
The "outside" of the hub routers is NAT'ed to public IPs which the spokes create tunnels to, and the traffic to them is managed by a firewall, which is fine, but wouldn't this mean that the tunnels terminate on the "inside" LAN, bypassing the hub site's firewall, which seems like a security risk to me ... I'm not sure I trust my branch offices that much?
Thanks in advance