VPN - Site to Site - Help

Unanswered Question
Nov 8th, 2007
User Badges:

Hi,


MY IPSEC site to site with Hub and Spoke is working great, but needs spoke to communicate with other spoke....


I have Hub and two spoke connection for my site to site VPN.


Hub private range is 192.168.1.0/24

spoke 1 private range is 192.168.2.0/24

Spoke2 private range is 192.168.3.0/24


what is requried for spoke1 to communicate with spoke2.......


Is there a cisco-sample config link for similar scenario....

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Thu, 11/08/2007 - 04:36
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


Which device are you using for IPSEC at hub site and which version of software ie.


router ?

ASA

Pix - if pix which version of software.


In general answer to your question if you want go from spoke1 to spoke2 via hub you need to update crypto access-lists on the spokes and the hub to include all the networks.


But if pix or ASA device you may need additional config.


Jon

Amin Shaikh Thu, 11/08/2007 - 05:25
User Badges:

Hi,


at Hub its a 3840 Router...

Spoke 1 its ASA

Spoke 2 its 2800 Router....


with this scenario... what is required at HUB and the spokes.....



Jon Marshall Thu, 11/08/2007 - 05:55
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Okay, with a router as the hub device you should be able to do this.


Have a look at this link


http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093dc8.shtml


Don't worry about it being router to router, the principle is the same.


HTH


Jon

Amin Shaikh Thu, 11/08/2007 - 06:14
User Badges:

Thanks....


This was exactly I needed...


at one of the SPOKE we have Remote-Access enabled as well...


REmote-Access users can access Spoke Network but cannot access HUB Network?? Can you advice what config is required to make it accessible....


Cheers


kareem.afifi Thu, 11/08/2007 - 06:16
User Badges:

Guys,


So far these are great. Thanks. Right now at the X location i would most likley have a 2800 series router with a PIX 515E at location X. The co-location would give me whatever equipment i would need. As of right now i have my users VPN into the network via a 3005 concentrator.

Amin Shaikh Fri, 11/09/2007 - 21:39
User Badges:


at one of the SPOKE we have Remote-Access enabled as well...


REmote-Access users can access Spoke Network but cannot access HUB Network?? Can you advice what config is required to make it accessible....


Cheers




Actions

This Discussion