We have three sites in a full-mesh MPLS configuration: Site A, Site B, and Site C. They can all reach each other's subnets via MPLS. Now, my dilemma is that Site C has a LAN-to-LAN VPN tunnel with our Parent Company. I want Site A and Site B to access our Parent Company over the same VPN tunnel at Site C rather than create a new VPN tunnel from the Parent Company to Site A and Site B (I don't want to have 3 tunnels to a single site). So I need a bit of help to make sure that is going to work before I start the implementation. Here is my plan, please feel free to comment and make suggestions...
1. Have the Parent Company add the Site B and Site C subnets to their crypto map ACL;
2. Myself to add routes at Site A and Site B to send traffic destined for the Parent Company subnets to the Site C router, and the router to send it under the VPN tunnel;
3. Add the Site A and Site B subnets to the crypto map ACL at Site C to allow and encrypt traffic before sending it under the tunnel to the Parent Company.
Yes, it does look clear to me... but I am still uncertain and don't want to play with the production network, so your feedback, suggestions, and comments are welcome and will be appreciated.
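A pre-change check for the plan in the post above, added here as an example and not part of the original post: it confirms that the Site C crypto ACL covers all three sites and that the parent's ACL mirrors every entry, since IPsec peers need mirrored crypto ACLs. All subnets and ACL lines are constructed placeholders (the post gives no addressing), and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholder addressing; the post does not state any subnets.
SITES = {"A": "10.1.0.0/16", "B": "10.2.0.0/16", "C": "10.3.0.0/16"}
PARENT = "10.100.0.0/16"

# Constructed crypto ACL bodies in IOS "permit ip src wildcard dst wildcard" form.
SITE_C_ACL = [
    "permit ip 10.1.0.0 0.0.255.255 10.100.0.0 0.0.255.255",
    "permit ip 10.2.0.0 0.0.255.255 10.100.0.0 0.0.255.255",
    "permit ip 10.3.0.0 0.0.255.255 10.100.0.0 0.0.255.255",
]
# The parent side is deliberately missing its Site A entry to show a failure.
PARENT_ACL = [
    "permit ip 10.100.0.0 0.0.255.255 10.2.0.0 0.0.255.255",
    "permit ip 10.100.0.0 0.0.255.255 10.3.0.0 0.0.255.255",
]

def parse_acl(lines):
    """Turn permit lines into a set of (source, destination) networks."""
    entries = set()
    for line in lines:
        tok = line.split()
        if len(tok) != 6 or tok[:2] != ["permit", "ip"]:
            continue  # skip remarks, deny lines and forms this sketch does not handle
        # ipaddress reads a mask that starts with 0 as a wildcard (host) mask
        src = ipaddress.ip_network(f"{tok[2]}/{tok[3]}")
        dst = ipaddress.ip_network(f"{tok[4]}/{tok[5]}")
        entries.add((src, dst))
    return entries

def audit(site_c_acl, parent_acl):
    """Return (sites missing from the Site C ACL, Site C entries the parent does not mirror)."""
    local = parse_acl(site_c_acl)
    remote = parse_acl(parent_acl)
    parent = ipaddress.ip_network(PARENT)
    missing = [name for name, net in SITES.items()
               if (ipaddress.ip_network(net), parent) not in local]
    unmirrored = sorted(f"{s} -> {d}" for s, d in local if (d, s) not in remote)
    return missing, unmirrored

if __name__ == "__main__":
    missing, unmirrored = audit(SITE_C_ACL, PARENT_ACL)
    print("Sites missing from Site C crypto ACL:", missing or "none")
    print("Entries without a mirror on the parent side:", unmirrored or "none")
```

An entry reported as unmirrored means traffic for that subnet pair would not match a proposal on both peers, so it is worth clearing both lists before touching the production tunnel.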