Cisco Support Community
Community Member

ipsec vpn tunnel redirection

Hi All,

I have one requirement, if you can help me out.

I have multiple sites connected via site-to-site IPsec VPN tunnels to HQ, terminating on the same interface at HQ.

The requirement is to redirect traffic coming from all the sites to one of the main sites, where the servers are hosted.

How can I do that?

Please let me know what other information is needed.

Thanks in advance!

6 REPLIES

ipsec vpn tunnel redirection

Hi Shekhar,

"Requirement is to redirect traffic coming from all the sites to one of the main site where servers are hosted.."

Please answer the question below.

Are you redirecting IPsec-encrypted IP traffic, or plain-text IP traffic coming off the IPsec tunnel from both endpoints?

Community Member

ipsec vpn tunnel redirection

Hi Rizwan,

It is redirecting IPsec-encrypted traffic.

ipsec vpn tunnel redirection

You need policy-based static NAT on your ASA or router in order to redirect IPsec traffic.

Basically, your HQ device becomes a transit path for IPsec traffic as a result of the policy-based static NAT, and the actual tunnel endpoint will be the site where the servers are hosted.

I assume that at the servers' remote site you have either an ASA or a router to terminate the tunnel coming through the translated address to the device (i.e. ASA or router) hosted at the server-side remote site.

Hope this answers your question.

Thanks

Rizwan Rafeek

Community Member

ipsec vpn tunnel redirection

I got a bit of it, as I haven't done policy static NAT before.

Let me explain the situation again to make sure we are on the same page.

I am running a site-to-site IPsec VPN tunnel between HQ and one branch site, e.g. Site 1.

I am also running a site-to-site IPsec VPN tunnel between HQ and one branch site (the server site), e.g. Site 2.

Now the requirement is that traffic coming from Site 1 to the servers should terminate at HQ, and after that HQ should redirect that traffic to Site 2.

Kindly note: I am using a single physical interface on the HQ router for both VPNs.

Re: ipsec vpn tunnel redirection

Hi Shekhar,

Basically, what you want to do is make your two remote spoke sites reachable via the hub site, correct?

If so, what you would need is DMVPN with NHRP enabled.

http://www.cisco.com/image/gif/paws/43067/dmvpn-gre-eigrp.pdf

Please follow the link above.

Thanks

Message was edited by: Rizwan Mohamed

Community Member

ipsec vpn tunnel redirection

Hi Rizwan,

I have the exact same requirement. I will create DMVPN with NHRP and check if the solution works.

Thanks for the help!
