This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN, how to route traffic over IPSec.

Hi,
This is my VPN site to site configuration/routing issue.

System:
ASL 6.2 latest, and home/office licens on all systems.

Configuration setup:
(inside addresses)

Site-A = 10.1.1.0/24
vpn to Site-B (10.1.1.0/24 -> 10.1.2.0/24)

Site-B = 10.1.2.0/24
vpn to Site-A (10.1.2.0/24 -> 10.1.1.0/24)
vpn to Site-C (10.1.2.0/24 -> 10.1.3.0/24)

Site-C = 10.1.3.0/24
vpn to Site-B (10.1.3.0/24 -> 10.1.2.0/24)

Question:
How can I configure vpn connections to accept or route traffic from Site-A -> Site-C over the Site-B tunnels ?
(I don´t want to do 10.1.0.0/16 subnets for the vpn connections)

I have tested static route.
Tested multiple tunnels.
Tested other subnet configurations for the vpn, Any - net, None...

Is this even possible in 6.2 or do I wait for 7.0?

Thanks
Göran

This thread was automatically locked due to age.

Parents

0 rmorrison682 over 19 years ago

We have come across the same issue at our site and found this article to be very helpful.

http://portal.knowledgebase.net/article.asp?article=126026&p=5956

-Ray
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rmorrison682 over 19 years ago

We have come across the same issue at our site and found this article to be very helpful.

http://portal.knowledgebase.net/article.asp?article=126026&p=5956

-Ray
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Goran_Karlsson over 19 years ago in reply to rmorrison682

Thank´s Ray,

This would fix the problem I described.

But in real life my setup is more like this.

Site-A 172.16.1.0/24

Site-B 10.1.1.0/24 (HUB site)

Site-C 192.168.1.0/24

So making one supernet tunnel won´t fix this in my case.
And multi tunnels don´t seams to work to the same IP.

/gk
Cancel
Vote Up 0 Vote Down

Cancel
0 pablito over 19 years ago in reply to Goran_Karlsson

While a supernet isn't pratical for you you can do it with 2 tunnels from each sat office. "hub/spoke"

Site-A->Site-B:
A-net->B-net
A-net-C-net

Site-C->Site-B:
C-net->B-net
C-net->A-net

Site-B == 4 tunnels

You need filter rules at each site to allow traffic between the desired nets. The routing is done by the VPN.

Anything from A-C or C-A is via the hub site.

You can run multiple tunnels no problem if logicaly correct.
Cancel
Vote Up 0 Vote Down

Cancel