Hello Zachary
Take a look at the diagram of the topology once again:
In order to get the FlexVPN network up and running between the Hub and spokes, the only prerequisite is that these routers must have connectivity to each other. This can be across a single switch, across several routers, or it can be across the Internet. Now in the case of a production network where this would typically be over the Internet, many routers would intervene between the hub and spokes, and each router would have its own public IP address in completely different subnets.
In the lab, you want the same thing, simply to have the routers able to ping each other on the IP addresses assigned to their physical interfaces. Specifically:
- Hub 1 should be able to ping 192.168.1.1 and 192.168.1.2
- Spoke 1 should be able to ping 192.168.1.2 and 192.168.1.254
- Spoke 2 should be able to ping 192.168.1.1 and 192.168.1.254
Since in the lab all of the physical interfaces of these routers are on the same subnet, putting in an L2 switch will enable this communication. No configuration on that switch is necessary.
Now once that’s done, FlexVPN will create the tunnels necessary to allow communication between the hub and spokes. Spokes won’t actually learn routes over the L2 switch, but they’ll learn them over the FlexVPN tunnels.
I hope this has been helpful!
Laz