Re: Cisco VPN - passing traffic from one VPN tunnel to another V

Entuitesi · ‎11-10-2010

I have a conceptual question regarding passing of traffic from one destinctive established VPN Peer to a different established VPN Tunnel.

Below is my example.

- Main Site A - ASA5510 - HOST OR HUB Site

- Remote Site B - ASA5510

- Remote Site C - non Cisco device capable of L2L (Site to site VPN)

- All connected via public internet

1) Main Site A is peering (VPN) with Remote Site B (Site to Site VPN) and sharing local lan segments on each side

2) Main Site A is peering (VPN) with Remote Site C (Site to Site VPN) and sharing local lan segments on each side

Question....... is it possible to configure and allow traffic flowing from Remote Site B to Remote Site C and visa-vera using the existing established tunnels and accessing the private LAN segments of each site via the HOST Site ASA?

Thanks

Federico Coto Fajardo · ‎11-10-2010

Hi,

Sure it's possible.

You need to configure IPsec hairpinning in Site A.

same-security-traffic permit intra-interface

Then, you must include the LAN B in the interesting traffic going to Site C and viceversa.

Federico.

Entuitesi · ‎11-10-2010

Federico,

Thanks for your quick response, I thought this was indeed possible. I will search the Cisco site for configuration examples.

Thanks!

Federico Coto Fajardo · ‎11-10-2010

This document gives you the idea of doing u-turn for the VPN traffic:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml

Federico.

Cisco VPN - passing traffic from one VPN tunnel to another VPN Tunnel