VPN hub and spoke with communication between spokes
I know the limitations of PIX in doing this, and I would rather not use a router to do this. Does anyone know if the VPN Concentrator would work in this setup? I.e., VPN remote sites connect into a centralised hub VPN Concentrator. Remote sites can then communicate with each other. I am looking at deploying IP Telephony over VPNs but need end stations to communicate with each other as well as the main site.
Re: VPN hub and spoke with communication between spokes
I spent many hours debugging this. We do what you are trying to implement. The problem is the VPN concentrator will NOT communicate between spokes. However, it will spit the packets out the inside interface. Using a router behind the concentrator as the default next hop address, I turned off ICMP redirects on the router interface. This allows the packets to come out of the 3030 to the router, turn around and be sent back to the 3030. Kluge? Yes! Now that TAC support has moved to Mexico, I can't even get the TAC guy to understand the problem. I gave up. A Cisco SE in Houston gave me this workaround and his sympathy. Good luck!
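The router side of the workaround described in the reply above, as an added Cisco IOS example that is not from the original thread. The interface name, all addresses and the spoke subnets are constructed, and the static routes pointing back at the concentrator are an assumption about how the router learns the spoke networks.

```cisco
! Constructed addressing (not from the thread):
!   10.0.0.1  router interface on the segment behind the concentrator
!   10.0.0.2  VPN 3030 private (inside) interface
!   10.1.1.0/24, 10.1.2.0/24  two remote spoke LANs
!
! Assumption: the concentrator uses 10.0.0.1 as its default next hop,
! so decrypted spoke-to-spoke packets leave its inside interface
! toward this router.
!
interface FastEthernet0/0
 description Segment shared with the VPN 3030 inside interface
 ip address 10.0.0.1 255.255.255.0
 ! The router forwards these packets back out the interface they
 ! arrived on. Turning redirects off, as the post does, stops it from
 ! answering that hairpin with ICMP redirects.
 no ip redirects
!
! Assumption: static routes send each spoke LAN back to the
! concentrator, which re-encrypts toward the destination spoke.
ip route 10.1.1.0 255.255.255.0 10.0.0.2
ip route 10.1.2.0 255.255.255.0 10.0.0.2
```

Spoke-to-spoke traffic crosses this segment unencrypted between the two tunnels, so the segment and the router belong in the same trust zone as the concentrator's inside interface.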