<div>
You can not use LANs of the spokes in the Nonat rule on the hub, your site to site hub to spoke using dynamic publishing networks, while your ACL will dictate whether the spoke has access rights to the other remote spoke.<br />
Limit the advertising of routes hub to spoke ....... Just the segments to which it can go.<br />
Make sure you also do not exempt IPSec/VPN from nat rules.<br />
This way your hub ACL rules along with your network advertisement will dictate which and whether a spoke can access another spoke via the hub.<br />
<br />
Since you mentioned a spoke, you do not have a mesh setup where certain spokes have direct connection between them.
</div>


<div>
thanks arnold<br />
i need to prevent Spokes to receive other Spokes routs<br />
<br />
thanks
</div>


<div>
Control the advertisement of those routes to the spokes, it sounds as though your HUB transmits the same set of routes to all spokes.<br />
<br />
Does the Cisco cover your setup?<br />
<a href="http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/29240-dcmvpn.html" rel="ugc">http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/29240-dcmvpn.html</a><br />
<br />
I.e. whether the spoke to spoke communication is not via the HUB but rather the spoke initiates/establishes a VPN connection directly to the spoke to which there is traffic .......?
</div>


<div>
<div class="content wysiwyg-content">
In DMVPN Phase 3, I need to deny Spokes to reach each other, except a certain Spoke I will name it here SPOKE-X.<br />
I need all the Spokes to communicate with SPOKE-X, but all the Spokes must not communicate with each other.<br />
<br />
With DMVPN Phase 1, the answer is turn of &nbsp;split-horizon on tunnel interface and to use Distribute-List in the EIGRP (My interior routing protocols).<br />
<br />
I will upgrade My DMVPN to Phase 3, to Save the Bandwidth on the HUB for the Traffic from Spokes to SPOKE-X<br />
<br />
&nbsp;I need your help please.
</div>
</div>


In DMVPN Phase 3, I need to deny Spokes to reach each other, except a certain Spoke I will name it here SPOKE-X.
I need all the Spokes to communicate with SPOKE-X, but all the Spokes must not communicate with each other.

With DMVPN Phase 1, the answer is turn of  split-horizon on tunnel interface and to use Distribute-List in the EIGRP (My interior routing protocols).

I will upgrade My DMVPN to Phase 3, to Save the Bandwidth on the HUB for the Traffic from Spokes to SPOKE-X

 I need your help please.

DMVPN 3, deny Spoke to Spoke Traffic, and allow a certain Spoke to be reached by the other Spokes.

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Network Security

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

Networking

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.