This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

from ipsec to ipsec

Hi,
I have 3 sites connected with ipsec & asl v5. Setup is like this:
site1 site2 site3
My problem now is, how to get from site3 to site1 and backwards ? I have been fidling with static routing but nothing seems to work. I don't have to create an ipsec from site3 to site1 , right ?

Grtz,
Bjorn

This thread was automatically locked due to age.

0 Gert Hansen over 20 years ago

Hi there,
what you are looking for is a so called 'Hub and Spoke" setup.
This can not be acchieved by any routing tricks, but only by propper ip addressing.

What you need to do is that all 3 internal network must be part of one supernet.
i.e:
LAN 1: 192.168.1.0/24
LAN 2: 192.168.2.0/24
LAN 3: 192.168.3.0/24

SuperNet: 192.168.0.0/22

You now need to create a tunnel :

- LAN 1 to SuperNet on FW2
- LAN 3 to SuperNet on FW3

if you now have configured your packetfilter correctly you can access all three LAN's with two tunnels.

a 'routing'-way is not possible.

i hope that helps,
regards
Gert
Cancel
Vote Up 0 Vote Down

Cancel
0 bjox over 20 years ago in reply to Gert Hansen

Yes yes, i see now
Is it a problem if LAN1 is a range in 192.168.0.0/24 ?

And would it still work if I only do the following?
- LAN1 to SuperNet on FW2
- LAN3 "normal" site2site ipsec to FW2
Or won't the packets from LAN3 find their way back to LAN1 ?

Grtz,
Bjorn
Cancel
Vote Up 0 Vote Down

Cancel
0 Taharqa over 20 years ago in reply to Gert Hansen

Gert, might I suggest you add this tip to the knowledge base as hub & spoke howto is a recurring question we get from customers ?
Cancel
Vote Up 0 Vote Down

Cancel