site to site vpn for multipoint bridged connection

Dec 8th, 2008

I have a point to multipoint wireless bridge connection that the customer wants to secure with an ASA 5505 at each location. Keep in mind that each remote is just an extension of the host network, all on the same IP range.

I was thinking that I could just set up an IPsec tunnel to each location from the host. Every example I see uses a different IP range for each location.

My question is, is that possible and how would I do that?

ddawson Wed, 12/10/2008 - 13:40

No, the ASA can't bridge across IPSec VPN connections (I don't believe any IPSec implementation by any vendor directly supports bridging), so I don't think there's an easy solution. If you had IOS routers you could configure bridging across GRE tunnels, but even that's not supported by Cisco, so you'd still be pushing your luck a little bit. Probably the best solution would be to just bite the bullet, re-address the remote sites, and configure traditional site-to-site VPNs. You could try to get fancy and do NAT across the VPNs so that all the remote hosts would appear to be on the same subnet as the main site, but I think you'd just be asking for trouble doing that.
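
An added example, not part of the original thread: a small planning check for the re-addressing option described in the reply above. It allocates a distinct subnet per remote site and confirms that no two sites overlap before the hub-side tunnel selectors (local network, remote network) are written. All addresses, site names and function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def readdress(pool, site_names, new_prefix):
    """Allocate one subnet of size /new_prefix per remote site from `pool`."""
    subnets = ipaddress.ip_network(pool).subnets(new_prefix=new_prefix)
    plan = {}
    for name in site_names:
        try:
            plan[name] = str(next(subnets))
        except StopIteration:
            raise ValueError(f"pool {pool} too small for site {name}")
    return plan


def check_plan(hub, remotes):
    """Validate a hub-and-spoke address plan.

    Returns (selectors, conflicts). `conflicts` lists every pair of sites
    whose ranges overlap. `selectors` maps each remote to the
    (hub network, remote network) pair its tunnel would protect, and is
    empty while any conflict remains, because overlapping ranges give a
    routed site-to-site tunnel nothing to distinguish the two ends by.
    """
    nets = {"hub": ipaddress.ip_network(hub)}
    nets.update({n: ipaddress.ip_network(c) for n, c in remotes.items()})
    conflicts = sorted(
        (a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])
    )
    selectors = {}
    if not conflicts:
        selectors = {
            name: (str(nets["hub"]), str(net))
            for name, net in nets.items()
            if name != "hub"
        }
    return selectors, conflicts


if __name__ == "__main__":
    HUB = "192.168.1.0/24"                      # constructed hub range
    # The situation in the question: every site shares the hub's range.
    flat = {"site-a": HUB, "site-b": HUB}
    print("flat plan conflicts:", check_plan(HUB, flat)[1])
    # After re-addressing the remotes from a separate constructed pool.
    plan = readdress("10.20.0.0/16", ["site-a", "site-b"], 24)
    print("re-addressed selectors:", check_plan(HUB, plan)[0])
```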

