Is it possible to do point-to-multipoint LAN-to-LAN VPN on ASA?

Unanswered Question

I have a central site ASA and 4 remote sites all connected via dedicated circuits. I'd like to build LAN-to-LAN VPN tunnels from the remotes back to the central site. Can I build one-to-many or multiple point-to-point VPN tunnels, all terminating on the central site ASA? I would think I could; preliminary browsing of CCO hasn't come up with anything.

Thanks for the input!

Mike.

sushilmenon Wed, 12/05/2007 - 00:00

Hi Mike, yes, you can easily do that.

It's called hairpinning VPNs on the ASA.

But in that case, on the ASA too you will have to have 4 VPN tunnels terminating on each remote branch.

But on the branch routers you can configure it so that traffic sent to other branches is IPsec protected and sent to the ASA as the central IPsec hub. The ASA will then decrypt the packet, re-encrypt the packet, and forward it to the other branch.

So on your branches you will have only a single VPN tunnel to the ASA, but it will protect all the traffic from that branch to the ASA as well as for other branches.

I guess you are looking for this kind of solution.

Hope this helps.

Regards,

Sushil
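
The hub-side configuration for the hairpin design described in the reply above, as an added example that is not part of the original thread. It assumes pre-8.4 ASA syntax, an interface named `outside` facing the branches, two of the four branches, and constructed addresses, ACL names and key placeholders.

```cisco
! Hub ASA (added example; all names and addresses are constructed)
! Central LAN 10.0.0.0/24
! Branch1 LAN 10.1.0.0/24, peer 198.51.100.1
! Branch2 LAN 10.2.0.0/24, peer 198.51.100.2
!
! Let decrypted traffic leave the same interface it arrived on (the hairpin)
same-security-traffic permit intra-interface
!
! Crypto ACL toward Branch1: sources are the central LAN and Branch2
access-list VPN_BRANCH1 extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list VPN_BRANCH1 extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
! Crypto ACL toward Branch2: sources are the central LAN and Branch1
access-list VPN_BRANCH2 extended permit ip 10.0.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN_BRANCH2 extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
!
! NAT exemption for central LAN traffic entering the tunnels
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (inside) 0 access-list NONAT
!
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
!
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
!
! One crypto map entry per branch, all on the same interface
crypto map OUTSIDE_MAP 10 match address VPN_BRANCH1
crypto map OUTSIDE_MAP 10 set peer 198.51.100.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP 20 match address VPN_BRANCH2
crypto map OUTSIDE_MAP 20 set peer 198.51.100.2
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside
!
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key <BRANCH1_PSK_PLACEHOLDER>
tunnel-group 198.51.100.2 type ipsec-l2l
tunnel-group 198.51.100.2 ipsec-attributes
 pre-shared-key <BRANCH2_PSK_PLACEHOLDER>
```

Each branch needs the mirror image of its hub crypto ACL (for Branch1: 10.1.0.0/24 to 10.0.0.0/24 and to 10.2.0.0/24), with the hub as its only peer. A mismatch between the two sides' ACLs shows up as a phase 2 negotiation failure for the spoke-to-spoke subnets while branch-to-central traffic still works.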
