Yes I am able to ping. I did some more testing. Its the issue with port 22 only. For e.g. Client 01 (normal mesh client - 10.90.55.1 ) <--------- Ext01 (hub-spoke - 10.90.55.4 ) - ext01 can ping client01 - ext01 can telnet to any listening port on client01 - If ssh is running on a non-default port on client01, this allow ext01 to ssh to client01 - While ssh is running on non-default port on client01, port 22 is free. So I started a listener on client 01

nc -l 10.90.55.1 22

and then telnet from ext01

telnet 10.90.55.1 22

- this results in connection refused.