Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
338
Views
0
Helpful
6
Replies

VPN - Site to Site - Help

Amin Shaikh
Level 1
Level 1

‎11-08-2007 04:28 AM - edited ‎02-21-2020 03:22 PM

Hi,

MY IPSEC site to site with Hub and Spoke is working great, but needs spoke to communicate with other spoke....

I have Hub and two spoke connection for my site to site VPN.

Hub private range is 192.168.1.0/24

spoke 1 private range is 192.168.2.0/24

Spoke2 private range is 192.168.3.0/24

what is requried for spoke1 to communicate with spoke2.......

Is there a cisco-sample config link for similar scenario....

Labels:
0 Helpful
6 Replies 6

Jon Marshall
Hall of Fame
Hall of Fame

‎11-08-2007 04:36 AM

Hi

Which device are you using for IPSEC at hub site and which version of software ie.

router ?

ASA

Pix - if pix which version of software.

In general answer to your question if you want go from spoke1 to spoke2 via hub you need to update crypto access-lists on the spokes and the hub to include all the networks.

But if pix or ASA device you may need additional config.

Jon

0 Helpful

Amin Shaikh
Level 1
Level 1
In response to Jon Marshall

‎11-08-2007 05:25 AM

Hi,

at Hub its a 3840 Router...

Spoke 1 its ASA

Spoke 2 its 2800 Router....

with this scenario... what is required at HUB and the spokes.....

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to Amin Shaikh

‎11-08-2007 05:55 AM

Okay, with a router as the hub device you should be able to do this.

Have a look at this link

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093dc8.shtml

Don't worry about it being router to router, the principle is the same.

HTH

Jon

0 Helpful

Amin Shaikh
Level 1
Level 1
In response to Jon Marshall

‎11-08-2007 06:14 AM

Thanks....

This was exactly I needed...

at one of the SPOKE we have Remote-Access enabled as well...

REmote-Access users can access Spoke Network but cannot access HUB Network?? Can you advice what config is required to make it accessible....

Cheers

0 Helpful

kareem.afifi
Level 1
Level 1
In response to Jon Marshall

‎11-08-2007 06:16 AM

Guys,

So far these are great. Thanks. Right now at the X location i would most likley have a 2800 series router with a PIX 515E at location X. The co-location would give me whatever equipment i would need. As of right now i have my users VPN into the network via a 3005 concentrator.

0 Helpful

Amin Shaikh
Level 1
Level 1
In response to kareem.afifi

‎11-09-2007 09:39 PM

at one of the SPOKE we have Remote-Access enabled as well...

REmote-Access users can access Spoke Network but cannot access HUB Network?? Can you advice what config is required to make it accessible....

Cheers

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents