Site to Site to Site VPN

a.farnell
Level 1

Hi all,

I'm new to VPNs so bear with me...

We have 2 sites, 1 in the Philippines (5505) and one in New Zealand (5515) which are connected via VPN. This works fine. We also have a VPN from the 5515 to Microsoft Azure.

What we need to do is allow connections from the 5505 to Azure via the 5515. I have tried configuring it but can't seem to get it to work. When I run the packet tracer I can see that there is no VPN lookup happening for networks in Azure (from the 5505) but when I try a NZ network I can see VPN lookups happening.

Here's a basic diagram of what things look like.

Drawing1.jpg

Is what I'm trying to do even possible? To keep things simple let's ping from 172.29.1.1 to 172.16.0.1 and assume there are no ACLs blocking traffic.

1 Accepted Solution

Julio Carvajal
VIP Alumni

Hello Farnell,

This is possible, no problem at all.

What you will need to do:

  1. Include the traffic in the No_Nat rules on all of the sites for this traffic
  2. Configure routes pointing to the other subnet via the Azure device.
  3. Include in the crypto map to the Azure site the traffic from both subnets

Afterwards my friend, you should be up and running!

Check my blog at http:laguiadelnetworking.com for further information.

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
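
The three steps above, written out for both ASAs as an added example (not the poster's or Cisco's own configuration). It assumes ASA 8.4(2)+ object and twice-NAT syntax, /24 masks around the two addresses from the question, interfaces named inside and outside, and hypothetical ACL names standing in for the ACLs your existing crypto map entries already reference.

```cisco
! ---- Hub: ASA 5515 (New Zealand) ----
! Hairpinning: let traffic enter and leave the same (outside) interface.
same-security-traffic permit intra-interface

! Assumed /24 networks around the addresses in the question.
object network PH-LAN
 subnet 172.29.1.0 255.255.255.0
object network AZURE-VNET
 subnet 172.16.0.0 255.255.255.0

! Crypto ACL already bound to the tunnel towards the 5505 (name assumed):
! add the Azure -> Philippines direction.
access-list CRYPTO-TO-PH extended permit ip object AZURE-VNET object PH-LAN
! Crypto ACL already bound to the tunnel towards Azure (name assumed):
! add the Philippines -> Azure direction.
access-list CRYPTO-TO-AZURE extended permit ip object PH-LAN object AZURE-VNET

! NAT exemption for the hairpinned flow. Only needed when another NAT
! rule on the outside interface would otherwise translate it.
nat (outside,outside) source static PH-LAN PH-LAN destination static AZURE-VNET AZURE-VNET no-proxy-arp

! Routing: both remote subnets must resolve out the outside interface.
! A default route via outside already satisfies this.

! ---- Spoke: ASA 5505 (Philippines) ----
object network PH-LAN
 subnet 172.29.1.0 255.255.255.0
object network AZURE-VNET
 subnet 172.16.0.0 255.255.255.0

! Crypto ACL already bound to the tunnel towards the 5515 (name assumed):
! without this entry packet-tracer shows no VPN lookup for Azure.
access-list CRYPTO-TO-NZ extended permit ip object PH-LAN object AZURE-VNET

! Exempt the same flow from NAT before it is matched for encryption.
nat (inside,outside) source static PH-LAN PH-LAN destination static AZURE-VNET AZURE-VNET no-proxy-arp route-lookup

! Check from the spoke; the output should now include a VPN encrypt phase:
!   packet-tracer input inside icmp 172.29.1.1 8 0 172.16.0.1
```

Keep the crypto ACL entries scoped to the specific subnets rather than `any`, since `same-security-traffic permit intra-interface` applies to the whole ASA. The Azure end of the tunnel also has to list the Philippines subnet among its on-premises prefixes so that both sides agree on the traffic selectors.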


3 Replies

Hi Julio,

Thanks a lot for that. Everything is working now.

It turned out that the Azure network was not a member of the NAT group that the other networks are. I added it into that and it worked.

Turns out we're running a multitude of versions here so your answer reflects version pre 8.3 but it was still helpful.

Hello A.farnell,

Glad to hear that I could help,

Check my blog at http:laguiadelnetworking.com for further information.


Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC