Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
251
Views
0
Helpful
2
Replies

IP Routing on a 3005 IPSEC LAN2LAN ?

jhatfield
Level 1
Level 1

‎08-19-2002 10:16 AM - edited ‎02-21-2020 12:00 PM

I have a test environment where we are connecting several sites via edge PIX 501s to a central 3005 concentrator over IPSEC Lan2Lan tunneling via the Internet

I'm using static routing, communication from Site A and B back to the hub is good (and vice versa). What I now need to do is get communication from Site A to Site B functioning across the tunnels. My central site is using 172.20.0.0 /16 and the remotes will be using 172.21.0.0 /16. Site A is 172.21.8.0/24 and site B is 172.21.9.0/24.

The 3005 documentation seems light when it comes to doing this. Is anybody out there running this type of configuration? Thanks in advance.

Labels:
0 Helpful
2 Replies 2

awaheed
Cisco Employee
Cisco Employee

‎08-20-2002 01:36 PM

Hi,

What I gather from this is you are trying to do a Hub and Spoke with Site A & B being the spokes and 3005 is at the head-end. And you are trying to route between the Spokes through the Hub (CVPN3000). You should be able to do this without any problems as long as the Routes are added at each site properly. This has worked in the past and should work for you aswell.

Hope I understood you correctly,

Regards,

Aamir

-=-

0 Helpful

jhatfield
Level 1
Level 1
In response to awaheed

‎08-21-2002 03:32 AM

I suspected this was the case but was not certain. My working assumption is that If I change the ACLs on the edge PIX devices to protect the spoke-to-spoke traffic the 3005 would do the rest. Thanks for the input!

0 Helpful
Customers Also Viewed These Support Documents