Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
338
Views
0
Helpful
1
Replies

VPN 3000 spoke to spoke communication

jordan.bean
Level 1
Level 1

‎06-24-2009 06:50 PM

We'll be upgrading to an ASA soon, but I have an immediate issue I need assistance with.

We have multiple spoke sites with only DHCP addresses establishing a VPN to our VPN 3000 box (using the default group). The site-to-site VPN's work fine. However, no sites can communicate with one another.

Does anyone know how to configure spoke-to-spoke communications in this scenario? Both spokes in question encapsulate the packets and sends them to the VPN 3000. But, the VPN 3000 is not passing the data to the other spoke site.

I know that I could get a static IP at one site and then do a direct VPN between the 2, but don't want to do that if I don't have to.

Labels:
0 Helpful
1 Reply 1

ldardon
Level 1
Level 1

‎06-30-2009 12:51 PM

This illustrates how to create a LAN-to-LAN VPN tunnel between central and remote VPN 3000 Concentrators. Concurrent to the LAN-to-LAN VPN, the central concentrator also accepts remote access VPN connections. Communication is then enabled between the remote access VPN Client and the local LAN, behind the remote concentrator, through the central concentrator. The communication between spokes is enabled through the use of Reverse Route Injection (RRI), a feature introduced in version 3.5 of the VPN 3000 Concentrator code:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a0080094a86.shtml

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents