Hub and Spoke IPsec VPN design with Dynamic Routing

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Hub and Spoke IPsec VPN design with Dynamic Routing

L0 Member

Looking to properly setup Dynamic Routing over a hub and spoke IPsec VPN network. The hub will have 40-50 spokes.  The Hub is running a PA-820.  Spokes will be PA-220.  Voice and data traffic.  There will be minimal traffic between spokes.  My questions are;


Is the PA-820 robust enough to handle 40-50 spokes?

Is there any real advantage to using OSPF in this design or will RIPv2 suffice?





Cyber Elite
Cyber Elite


You'll have a max throughput of 400 Mbps with the IPSec traffic, outside of that requirement this should work perfectly fine as long as the rest of the limits fit in line with what you are doing. I'd take a decent look at the datasheet and verify that you wont be hitting any of the limits. 

Product comparison between PA-220, PA-820, PA-850 and PA-3220,pa-220,pa-3220,pa-85...


At least regarding your spec sheet your setup will work as already mentionned by @BPry

Cyber Elite
Cyber Elite


I would use OSPF but thats just my choice. If the spoke sites dont change and all traffic is tunneled back to the hub, then even static routing would work.



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!