ā02-09-2012 11:28 PM - edited ā03-11-2019 03:27 PM
Hi All,
we have three sites at mumbai, pune , delhi.
A site to site tunnel is created between mumbai and pune.
and tunnel between mumbai and delhi.
We donot have tunnel between delhi and pune.
Is it possible to route the traffic of delhi from mumbai site to pune site.
The problem is we donot to create site to site between delhi and pune.
ā02-09-2012 11:43 PM
search the forums as I have answered a question just lie this.
Sent from Cisco Technical Support iPad App
ā02-10-2012 01:28 AM
Thanks for your help
ā02-10-2012 03:12 AM
Hi Ajay,
Can u expalin me regarding site to site
ā02-10-2012 09:16 AM
Hello Prashant,
As Andrew said, he answered a question like this!
It is possible, all you need to do is to include into the crypto traffic that communication, also add the same security permit intra interface command.
Regards,
Julio
ā02-10-2012 10:31 PM
Hi Jcavaraj,
Just consider the scenario three site a, b, c.
a---10.0.0.0/24 net
b----20.0.0.0/24 net
c-----30.0.0.0/24 net
there is site to site tunnel is created between a to b and a to c. no tunnel between b to c,
Now the requirement is 20 network should access 30 network
Please find the access-list below
on site a
access-list outside_2_crypto extended permit ip 10.0.0.0.0 255.255.255.0 20.0.0.0 255.255.255.0
accss-list outside_2_crypto extended permit ip 10.0.0.0 255.255.255.255.0 30.0.0.0 255.255.255.0
same-security-traffic permit intra-interface
on site b
access-list outside_4_crypto extended permit ip 20.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list outside_4_crypto extended permit ip 20.0.0.0 255.255.255.0 30.0.0.0 255.255.255.0
same-security-traffic permit intra-interface
on site c
access-list outside_3_crypto extended permit ip 30.0.0.0 255.255.255.0 10.0.0.0 255.255..255.0
access-list outside_3_crypto extended permit ip 30.0.0.0 255.255.255.0 20.0.0.0 255.255.255.0
same-security-traffic permit intra-interface.
Is the configuration right ? Please let me know
ā02-10-2012 10:55 PM
Hello Prashant,
Nop. What I meant is the following
On Router A:
Crypto map from Tunnel to B
access-list outside_2_crypto extended permit ip 10.0.0.0.0 255.255.255.0 20.0.0.0 255.255.255.0
access-list outside_2_crypto extended permit ip 20.0.0.0 255.255.255.0 30.0.0.0 255.255.255.0
Same thing for the tunnel of A to C
Site C an B are fine just remove the same-security as you do not need it there.
Regards,
ā02-10-2012 10:59 PM
Thanks a lot,
Appreciate for quick response always, Let u know once done
ā02-10-2012 11:19 PM
Hello Prashant,
My pleasure! Sure just keep me posted
Julio
ā02-13-2012 03:23 AM
Hi,
Suppose i want to RDP of SIte A from Site C.
Site A ip is 10.10.10.5
Site C ip is 30.30.30.10
How routing will work in this case ?
ā02-13-2012 04:57 PM
Hello,
As I said before, you will need to match that traffic into the crypto ACL, that is all you need.
ā02-13-2012 07:54 PM
Thanks,
If I run show crypto isakmp sa on c for the destination B it will display state as QM_IDLE?
ā02-14-2012 07:02 AM
Hello Prashant,
Can you post the 3 sites config?
Regards,
Julio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide