Understanding Hub-and-Spoke VPNs
If you create two VPN tunnels that terminate at a device, you can set up a pair of routes so that the device directs traffic exiting one tunnel to the other tunnel. If both tunnels are contained within a single zone, you do not need to create a policy to permit the traffic to pass from one tunnel to the other. You only need to define the routes. Such an arrangement is known as hub-and-spoke VPN. (See Figure 47.)
You can also configure multiple VPNs and route traffic between any two tunnels.
 | Note: SRX Series devices support only the route-based hub-and-spoke feature. |
Figure 47: Multiple Tunnels in a Hub-and-Spoke VPN Configuration
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices
- Hub-and-Spoke VPN Configuration Overview
- Example: Configuring the Hub in a Hub-and-Spoke VPN (CLI)
- Example: Configuring Spoke 1 in a Hub-and-Spoke VPN (CLI)
- Example: Configuring Spoke 2 in a Hub-and-Spoke VPN (CLI)