routing between 2 site-to-site VPNs with SA520

Feb 13th, 2012

Hi there,


I would be glad if someone could help me with a SA520.


My SA520 connects to two site-to-site VPNs. Imagine there are three nets: right, middle and left. The SA520 is in the middle and can ping left and right. Left and right can ping the middle, but not each other (I need to go from right to left and "hop over" the SA520). Unfortunately this is not working (with my "standard" assistant-based setup).


Any ideas how to accomplish this?


Thanks for any help.


best regards


ekki


Eckhard Eilers Wed, 02/15/2012 - 01:49

Hi there,

Solved it with help from a partner (Cisco's SMB support said this would not be possible).


You have to create different VPN policies for every subnet IP range that shall be routed to the attached VPNs.


left: 192.168.100.0

middle: 192.168.0.0

right: 10.1.10.0


VPN policies:

for right (based on IKE policy "right"):

a) local 192.168.0.0 remote 10.1.10.0

b) local 192.168.100.0 remote 10.1.10.0


for left (based on IKE policy "left"):

a) local 192.168.0.0 remote 192.168.100.0

b) local 10.1.10.0 remote 192.168.100.0



I think, if connecting more VPNs, you have to multiply this.



Hope this will help someone in the same situation.


best regards



ekki
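
Added example (not part of the original posts and not Cisco code): a short Python sketch that enumerates the local/remote policy pairs described in the reply for any number of attached VPNs, and checks which tunnel, if any, covers a given source and destination. The /24 masks and the names `hub_policies` and `tunnel_for` are assumptions made for illustration; the post gives only the network addresses.

```python
"""Enumerate the hub's VPN policies needed for spoke-to-spoke traffic."""
from ipaddress import ip_address, ip_network

# Subnets from the post; the /24 masks are an assumption (the post gives none).
HUB = ip_network("192.168.0.0/24")  # "middle", the net behind the SA520
SPOKES = {
    "left": ip_network("192.168.100.0/24"),
    "right": ip_network("10.1.10.0/24"),
}


def hub_policies(hub, spokes):
    """Return {tunnel: [(local, remote), ...]} for the hub device.

    For each tunnel the remote selector is that spoke's subnet. The local
    selectors are the hub subnet plus every other spoke's subnet, so traffic
    arriving from one spoke is matched and sent into the other tunnel.
    """
    policies = {}
    for name, remote in spokes.items():
        locals_ = [hub] + [net for other, net in spokes.items() if other != name]
        policies[name] = [(local, remote) for local in locals_]
    return policies


def tunnel_for(policies, src, dst):
    """Return the tunnel whose policy covers src -> dst, or None if none does."""
    src, dst = ip_address(src), ip_address(dst)
    for name, pairs in policies.items():
        if any(src in local and dst in remote for local, remote in pairs):
            return name
    return None


if __name__ == "__main__":
    full = hub_policies(HUB, SPOKES)
    for name, pairs in full.items():
        for local, remote in pairs:
            print(f"{name}: local {local} remote {remote}")

    # Setup with one policy per tunnel (hub subnet only), as in the question.
    single = {name: [(HUB, net)] for name, net in SPOKES.items()}
    probe = ("10.1.10.5", "192.168.100.7")  # constructed right -> left hosts
    print("single policy per tunnel:", tunnel_for(single, *probe))
    print("policies from the reply: ", tunnel_for(full, *probe))
```

With n attached VPNs this yields n policies per tunnel, so n × n on the hub in total, and every added pair widens what one remote site can reach at another.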
