I have a couple of questions on Auto VPN and mesh…
Hi ,
respone 1: That is correct, every member should be reachable from the other to form a full mesh tunnel.
respone 2: In case of (hub/spoke) , the spoke will failover to the secondary wan automatically because in case of spoke the tunnel is in initiator mode and the failover is supported.
At some point will spoke connections be able to use dynamic ips and dynamic dns to connect to a hub that has public IP?
This would be a scenario for retail stores in malls connecting into a central office for example…
Currently, when adding a hub to the AutoVPN group, users can either provide a static public routable IP address or, if the interface has a dynamic public IP, they can provide the Dynamic DNS FQDN. This FQDN will be pushed to the spokes as the remote hostname while forming the IPsec tunnel.
This setup is supported and should work as expected. Please give it a try and let me know your observations.