Hub and Spoke VPN Topology

In a Hub and Spoke VPN topology, a central endpoint (hub node) connects with multiple remote endpoints (spoke nodes). Each connection between the hub node and an individual spoke endpoint is a separate VPN tunnel. The hosts behind any of the spoke nodes can communicate with each other through the hub node.

The Hub and Spoke topology commonly represent a VPN that connects an organization’s main and branch office locations using secure connections over the Internet or other third-party network. These deployments provide all employees with controlled access to the organization’s network. Typically, the hub node is located at the main office. Spoke nodes are located at branch offices and start most of the traffic.

The following diagram displays a typical Hub and Spoke VPN topology.

Diagram illustrating a Hub and Spoke VPN topology