IPSec Hairpinning

Unanswered Question
Oct 22nd, 2008
User Badges:

We have ASA 5510 which terminate Remote VPN clients as CVPN client and also hardware base client (Cisco IOS routers). How can we do that CVPN client when a connected to ASA has access at remote sites (through ASA, hub-spoke) which connected with hardware VPN clients (which work in auto mode with network extension). Is it possible?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mljevakovic Wed, 10/22/2008 - 03:56
User Badges:

We have an IP pool for CVPN clients:192.168.254.0/24 but hardware clients have own LAN networks for example: 192.168.2.0/24, 192.168.3./24 etc. What must I do in this case?

The encryption domains must include the 192.168.254.0/24 to be able to encrypted and decrypted from the remote sites.


Something like:-


access-list vpn-site-a permit ip 192.168.254.0 255.255.255.0 192.168.2.0 255.255.255.0


access-list vpn-site-b permit ip 192.168.254.0 255.255.255.0 192.168.3.0 255.255.255.0



HTH>

Actions

This Discussion