Hub and Spoke IPsec VPN design with Dynamic Routing

Reply
L0 Member

Hub and Spoke IPsec VPN design with Dynamic Routing

Looking to properly setup Dynamic Routing over a hub and spoke IPsec VPN network. The hub will have 40-50 spokes.  The Hub is running a PA-820.  Spokes will be PA-220.  Voice and data traffic.  There will be minimal traffic between spokes.  My questions are;

 

Is the PA-820 robust enough to handle 40-50 spokes?

Is there any real advantage to using OSPF in this design or will RIPv2 suffice?

 

Thanks

 

Tags (5)
L7 Applicator

Re: Hub and Spoke IPsec VPN design with Dynamic Routing

@Theo_White,

You'll have a max throughput of 400 Mbps with the IPSec traffic, outside of that requirement this should work perfectly fine as long as the rest of the limits fit in line with what you are doing. I'd take a decent look at the datasheet and verify that you wont be hitting any of the limits. 

L7 Applicator

Re: Hub and Spoke IPsec VPN design with Dynamic Routing

Product comparison between PA-220, PA-820, PA-850 and PA-3220

 https://www.paloaltonetworks.com/products/product-comparison.html?chosen=pa-820,pa-220,pa-3220,pa-85...

 

At least regarding your spec sheet your setup will work as already mentionned by @BPry

Highlighted
L7 Applicator

Re: Hub and Spoke IPsec VPN design with Dynamic Routing

Hello,

I would use OSPF but thats just my choice. If the spoke sites dont change and all traffic is tunneled back to the hub, then even static routing would work.

 

Regards,

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!