Question on VPN router (2651) setup for both client/site access
I have 2 VPN routers setup for a site-to-site connection from site A to site B. Site A router A is also configured to allow client-to-site access using CISCOSecure VPN client 1.1 on remote machines.
I need to know is it possible for a client on remote site to access site B via router A? that is the client machine have to establish a tunnel to router A then in return using the site-to-site tunnel to access site B network. I know the requirement sounded a bit weird but not sure whether it can be done?
Re: Question on VPN router (2651) setup for both client/site acc
Yes, I think that can be done with caveats. I couldnt find any sample configs (its probably not a very common requirement) but youll have to make sure the host on site b bypasses the site-to-site tunnel. One problem, if the host on site B wants to go to another host on Site B, TCP is going to route those packets directly to that host without going through the gateway (and therefore the VPN tunnel). That makes logical sense since its probably 12 hops closer but it may not fir your requirement. You should review this with a Cisco design engineer to see what alternatives and configs will be needed.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...