I am trying to interconnect different hubs of the same vpn server using virtual L3 switch and static routes to redirect the traffic.
However, using this method the connectivity is bi-directional and I just want Hub 1 to be able to connect to the others, but that these hubs are not able to connect.
Theoretically if you don't include routes on the other hubs that redirect traffic to Hub 1 the packets don't arrive but the connection exists and if someone acchieve to send the packets to the correct interface they would be able to do so.
Is there a way to block the connection and make it one-way from Hub 1 to the other hubs?
This is an example of the current arquitecture:
EDIT: one way to minimize the risk is to create one virtual L3 switch for each hub we want to connect (n hubs - 1 switches), so that only hub 1 has a direct connection with the others. Even so, the problem of blocking the connection from the hubx to the hub 1 is still present