Cisco Systems Allow vpn client down a site to site tunnel from router A to router B

Posted by tweety on July 29, 2008, 3:23 pm
Hi there,

I was wondering if the following is possible?

I am terminating a VPN client (pool 10.10.10.0 /24) onto router A
and allowing access to 192.168.100.0 /24; this is router A's local
LAN. Router A also has a site-to-site VPN to router B. This is from
net 192.168.100.0 /24 to 192.168.200.0 /24. This is as follows:

Remote Client 10.10.10.0 /24
|
|
192.168.100.0 /24 >> Router A >><< Router B << 192.168.200.0 /24

Is there any way that the remote client would be able to go down the
site-to-site VPN and see Router B's LAN?

I am looking for the remote clients to be able to access resources on
Router B's LAN.

Thanks for any help or pointers anyone can provide.

Andrew

Posted by Uli Link on July 31, 2008, 6:49 am
tweety wrote:
>
> I am terminating a VPN client (pool 10.10.10.0 /24) onto router A
> and allowing access to 192.168.100.0 /24; this is router A's local
> LAN. Router A also has a site-to-site VPN to router B. This is from
> net 192.168.100.0 /24 to 192.168.200.0 /24. This is as follows:
>
> Remote Client 10.10.10.0 /24
> |
> |
> 192.168.100.0 /24 >> Router A >><< Router B << 192.168.200.0 /24
>
> Is there any way that the remote client would be able to go down the
> site-to-site VPN and see Router B's LAN?
>
> I am looking for the remote clients to be able to access resources on
> Router B's LAN.

On Router B there must be a route to 10.10.10.0/24 via the tunnel to
192.168.100.1 (or better, use the IP of the tunnel interface of Router A
facing Router B), so traffic from LAN B back to the VPN client
finds its way.

Perhaps you may consider making the tunnel between Router A and Router B a GRE
over IPsec tunnel instead of pure IPsec, which cannot use a routing
protocol. With the old crypto map syntax and static routes it is also
possible, but the config will soon become quite ugly.
Beware of the execution order of NAT, firewall and IPsec encryption.

--
Uli
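
An added example, not part of the thread: with the crypto map approach, the return path Uli describes also depends on the crypto ACLs, because Router A must select client-pool traffic for the tunnel and Router B must carry the mirrored entry. The sketch below audits two crypto ACLs for that; ACL number 110 and the sample entries are constructed, and only the subnets come from the posts.

```python
import ipaddress
import re

# Constructed sample crypto ACLs in IOS extended ACL syntax (not from the thread).
ROUTER_A_ACL = """\
access-list 110 permit ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 110 permit ip 10.10.10.0 0.0.0.255 192.168.200.0 0.0.0.255
"""
ROUTER_B_ACL = """\
access-list 110 permit ip 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255
"""

ACE = re.compile(r"access-list\s+\d+\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")

def net(addr, wildcard):
    """Turn an address plus IOS wildcard mask into an ip_network."""
    # Invert the wildcard explicitly so 0.0.0.0 means a /32 host, not /0.
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}")

def selectors(acl_text):
    """Return (src, dst) network pairs for every permit entry."""
    return [(net(m[1], m[2]), net(m[3], m[4])) for m in ACE.finditer(acl_text)]

def covered(src, dst, sels):
    """True if some selector contains both ends of the flow."""
    return any(src.subnet_of(s) and dst.subnet_of(d) for s, d in sels)

def audit(src, dst, acl_a, acl_b):
    """Check A selects src->dst for encryption and B selects the mirror."""
    findings = []
    if not covered(src, dst, selectors(acl_a)):
        findings.append(f"Router A: no selector for {src} -> {dst}")
    if not covered(dst, src, selectors(acl_b)):
        findings.append(f"Router B: no mirrored selector for {dst} -> {src}")
    return findings

CLIENT_POOL = ipaddress.ip_network("10.10.10.0/24")
LAN_B = ipaddress.ip_network("192.168.200.0/24")

if __name__ == "__main__":
    for line in audit(CLIENT_POOL, LAN_B, ROUTER_A_ACL, ROUTER_B_ACL) or ["ok"]:
        print(line)
```

With the sample input the audit reports the missing entry on Router B, which is the case where replies from LAN B to the client never enter the tunnel.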

