
New Member

route traffic

Hi All,

We have three sites at Mumbai, Pune, and Delhi.

A site-to-site tunnel is created between Mumbai and Pune,

and a tunnel between Mumbai and Delhi.

We do not have a tunnel between Delhi and Pune.

Is it possible to route the traffic of Delhi from the Mumbai site to the Pune site?

The problem is we do not want to create a site-to-site tunnel between Delhi and Pune.

12 REPLIES

Re: route traffic

Search the forums, as I have answered a question just like this.

New Member

route traffic

Thanks for your help

New Member

route traffic

Hi Ajay,

Can you explain site-to-site to me?

route traffic

Hello Prashant,

As Andrew said, he answered a question like this!

It is possible. All you need to do is include that communication in the crypto traffic, and also add the same-security-traffic permit intra-interface command.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

route traffic

Hi Jcavaraj,

Just consider the scenario of three sites: a, b, c.

a---10.0.0.0/24 net

b----20.0.0.0/24 net

c-----30.0.0.0/24 net

A site-to-site tunnel is created between a and b and between a and c. There is no tunnel between b and c.

Now the requirement is that the 20 network should access the 30 network.

Please find the access-list below

on site a

access-list outside_2_crypto extended permit ip 10.0.0.0 255.255.255.0 20.0.0.0 255.255.255.0

access-list outside_2_crypto extended permit ip 10.0.0.0 255.255.255.0 30.0.0.0 255.255.255.0

same-security-traffic permit intra-interface

on site b

access-list outside_4_crypto extended permit ip 20.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0

access-list outside_4_crypto extended permit ip 20.0.0.0 255.255.255.0 30.0.0.0 255.255.255.0

same-security-traffic permit intra-interface

on site c

access-list outside_3_crypto extended permit ip 30.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0

access-list outside_3_crypto extended permit ip 30.0.0.0 255.255.255.0 20.0.0.0 255.255.255.0

same-security-traffic permit intra-interface

Is the configuration right? Please let me know.

route traffic

Hello Prashant,

Nope. What I meant is the following:

On Router A:

Crypto map from Tunnel to B

access-list outside_2_crypto extended permit ip 10.0.0.0 255.255.255.0 20.0.0.0 255.255.255.0

access-list outside_2_crypto extended permit ip 20.0.0.0 255.255.255.0 30.0.0.0 255.255.255.0

Same thing for the tunnel from A to C.

Sites C and B are fine; just remove the same-security command, as you do not need it there.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
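
An added example, not part of the original posts and not Cisco tooling: a small Python check for the hub-and-spoke setup discussed in this thread. It verifies that the crypto ACLs on each tunnel are mirror images on both peers and that the hub carries same-security-traffic permit intra-interface. The hub ACL names HUB_TO_B and HUB_TO_C and all sample configs are constructed assumptions; the networks and spoke ACL names follow the thread.

```python
import ipaddress

def crypto_entries(config, acl_name):
    """Set of (source, destination) networks permitted by one ASA-style crypto ACL."""
    entries = set()
    for line in config.splitlines():
        f = line.split()
        # Expected form: access-list NAME extended permit ip SRC MASK DST MASK
        if len(f) == 9 and f[:5] == ["access-list", acl_name, "extended", "permit", "ip"]:
            entries.add((ipaddress.ip_network(f"{f[5]}/{f[6]}"),
                         ipaddress.ip_network(f"{f[7]}/{f[8]}")))
    return entries

def check_hub(hub_cfg, tunnels):
    """tunnels maps hub ACL name -> (spoke config, spoke ACL name). Returns findings."""
    findings = []
    lines = [l.strip() for l in hub_cfg.splitlines()]
    if "same-security-traffic permit intra-interface" not in lines:
        findings.append("hub: hairpinning not enabled")
    for hub_acl, (spoke_cfg, spoke_acl) in tunnels.items():
        hub = crypto_entries(hub_cfg, hub_acl)
        spoke = crypto_entries(spoke_cfg, spoke_acl)
        # Each side's crypto ACL must be the mirror image of its peer's.
        for src, dst in sorted(spoke - {(d, s) for s, d in hub}):
            findings.append(f"{hub_acl}: missing permit ip {dst} {src}")
        for src, dst in sorted(hub - {(d, s) for s, d in spoke}):
            findings.append(f"{spoke_acl}: missing permit ip {dst} {src}")
    return findings

# Constructed sample configs (hub ACL names are hypothetical).
HUB = """\
access-list HUB_TO_B extended permit ip 10.0.0.0 255.255.255.0 20.0.0.0 255.255.255.0
access-list HUB_TO_B extended permit ip 30.0.0.0 255.255.255.0 20.0.0.0 255.255.255.0
access-list HUB_TO_C extended permit ip 10.0.0.0 255.255.255.0 30.0.0.0 255.255.255.0
access-list HUB_TO_C extended permit ip 20.0.0.0 255.255.255.0 30.0.0.0 255.255.255.0
same-security-traffic permit intra-interface
"""
SPOKE_B = """\
access-list outside_4_crypto extended permit ip 20.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list outside_4_crypto extended permit ip 20.0.0.0 255.255.255.0 30.0.0.0 255.255.255.0
"""
SPOKE_C = """\
access-list outside_3_crypto extended permit ip 30.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list outside_3_crypto extended permit ip 30.0.0.0 255.255.255.0 20.0.0.0 255.255.255.0
"""
TUNNELS = {"HUB_TO_B": (SPOKE_B, "outside_4_crypto"),
           "HUB_TO_C": (SPOKE_C, "outside_3_crypto")}

if __name__ == "__main__":
    print(check_hub(HUB, TUNNELS) or "crypto ACLs mirror and hairpinning is enabled")
```
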
New Member

route traffic

Thanks a lot,

I appreciate the quick response, as always. I will let you know once done.

route traffic

Hello Prashant,

My pleasure! Sure, just keep me posted.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

route traffic

Hi,

Suppose I want to RDP to Site A from Site C.

Site A IP is 10.10.10.5

Site C IP is 30.30.30.10

How will routing work in this case?

route traffic

Hello,

As I said before, you will need to match that traffic into the crypto ACL, that is all you need.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

route traffic

Thanks,

If I run show crypto isakmp sa on C for the destination B, will it display the state as QM_IDLE?

route traffic

Hello Prashant,

Can you post the config for the 3 sites?

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC