Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Question on VPN router (2651) setup for both client/site access

I have 2 VPN routers setup for a site-to-site connection from site A to site B. Site A router A is also configured to allow client-to-site access using CISCOSecure VPN client 1.1 on remote machines.

I need to know is it possible for a client on remote site to access site B via router A? that is the client machine have to establish a tunnel to router A then in return using the site-to-site tunnel to access site B network. I know the requirement sounded a bit weird but not sure whether it can be done?

Many thanks.

New Member

Re: Question on VPN router (2651) setup for both client/site acc

Yes, I think that can be done… with caveats. I couldn’t find any sample configs (it’s probably not a very common requirement) but you’ll have to make sure the host on site b bypasses the site-to-site tunnel. One problem, if the host on site B wants to go to another host on Site B, TCP is going to route those packets directly to that host without going through the gateway (and therefore the VPN tunnel). That makes logical sense since it’s probably 12 hops closer but it may not fir your requirement. You should review this with a Cisco design engineer to see what alternatives and configs will be needed.