Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPSec VPN Traffic Passthrough Issues

Hello,

 

I am currently working with a client on a potential solution to an issue he has at present. The idea is to hold a phone system in a datacenter behind a Cisco ASA 5505, with upto 6 sites connecting in direct over IPSec VPN. (Site to Site)

I am currently trialling with just two sites at the moment, but I am struggling with one part. 

Cisco ASA - Internal IP Range both VPNs connect to = 192.168.14.x (Remote Site)

2x Remote Sites with Draytek 2860 = 192.168.1.x (Site A) & 192.168.2.x  (Site B)

Normal VPN traffic is working as expected, Site A can connect to Remote Site and vice versa, and the same for Site B.

However, in rare circumstances, the phones will need to pass traffic direct between sites. So that means Site A sending traffic to Site B. We want to avoid having to run 7 VPNs at all sites, to connect them all directly. As such, I am looking for a way to route traffic using Cisco ASDM (this is the only access we have presently) from Site A to Site B if the Cisco sees traffic from 192.168.1.x trying to talk to 192.168.2.x. 

The Drayteks are passing the traffic down the VPNs per custom policies. As such, I just need the Cisco to know what to do with the traffic. 

Does anyone have any ideas?

Many Thanks

1 REPLY
New Member

You need to add a static

You need to add a static route on both Drayteks to tell them to send traffic for the remote site via the 5505.

And possibly an access rule on the 5505 to allow traffic between the 2 remote sites.

44
Views
0
Helpful
1
Replies
CreatePlease to create content