Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
608
Views
0
Helpful
3
Replies

data transfer between 2 IPSec tunnels ?

sulfig
Level 1
Level 1

‎01-09-2002 01:04 AM - edited ‎02-21-2020 11:33 AM

Hello all,

I'm currently trying to figure out if it is possible to transfer data between two "branch office sites" connected to a "central site" using IPSec tunnels.

Setup:

Branch A <-- IPSec --> Central <-- IPSec --> Branch B

Is it possible to transfer data between A and B using Central as intermediate hop? The advantage of this setup would be, that only at the Central site access rules need to be configured.

I've tried to set this up in our lab environment... without success. When A wants to transfer data to B, a tunnel to Central is successfully established. But as Central wants to setup the 2nd tunnel to B an error message "peer not found" is displayed. It's the same the other way round.

2 Questions:

1) Is this setup possible in general?

2) If so, where can I find a sample configuration?

I'll be glad about any hints.

Regards

Sascha Ulfig

Labels:
0 Helpful
3 Replies 3

ciscomoderator
Community Manager
Community Manager

‎01-15-2002 01:15 PM

Often times complex configuration issues are best addressed in an interactive session with one of our trained technical assistance engineers. While other forum users may be able to help, it’s often difficult to do so for this type of issue.

To utilize the resources at our Technical Assistance Center, please visit http://www.cisco.com/tac and to open a case with one of our TAC engineers, visit http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

0 Helpful

ermccann
Level 1
Level 1

‎01-16-2002 11:08 PM

Sascha,

What are you using at the central site, If it is a Pix, you will not be able to route traffic between the two branch sites since the pix will not redirect traffic, If all of these sites are routers I have seen it work best with GRE over ipsec. If you have a vpn3000 concentrator at the central site it should be very easy to make this work.

Eric

0 Helpful

sulfig
Level 1
Level 1

‎01-16-2002 11:46 PM

Thanks for your replies. In the meantime a colleague of mine has found a sample configuration on CCO.

After all my setup was fine, except that the hub router had the wrong IOS version. 12.2(5)+ is needed.

The link for this is:

http://www.cisco.com/warp/public/707/ios_hub_spoke2.html

0 Helpful
Customers Also Viewed These Support Documents