Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Site to Site to Site VPN

Hi all,

I'm new to VPNs so bare with me...

We have 2 sites, 1 in the Philipines (5505) and one in New Zealand (5515) which are connected via VPN. This works fine. We also have a VPN from the 5515 to Microsoft Azure.

What we need to do is allow connections from the 5505 to Azure via the 5515. I have tried configuring it but can't seem to get it to work. When I run the packet tracer I can see that there is no VPN lookup happening for networks in Azure (from the 5505) but when I try a NZ network I can see VPN lookups happening.

Here's a basic diagram of what things look like.

Drawing1.jpg

Is what I'm trying to do even possible? To keep things simple lets ping from 172.29.1.1 to 172.16.0.1 and assume there are not ACL blocking traffic.

1 ACCEPTED SOLUTION

Accepted Solutions

Site to Site to Site VPN

Hello Farnell,

This is possible, no problem at all

What you will need to do:

  1. Include the traffic in the No_Nat rules on all of the sites for this traffic
  2. Configure routes pointing to the other subnet via the Azure device.
  3. Include in the crypto map to the azure site the traffic from both subnets

Afterwards my friend, you should be up and running!

Check my blog at http:laguiadelnetworking.com for further information.

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
3 REPLIES

Site to Site to Site VPN

Hello Farnell,

This is possible, no problem at all

What you will need to do:

  1. Include the traffic in the No_Nat rules on all of the sites for this traffic
  2. Configure routes pointing to the other subnet via the Azure device.
  3. Include in the crypto map to the azure site the traffic from both subnets

Afterwards my friend, you should be up and running!

Check my blog at http:laguiadelnetworking.com for further information.

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

Site to Site to Site VPN

Hi Julio,

Thanks a lot for that. Everything is working now.

It  turned out that the Azure network was not a member of the NAT group  that the other networks are. I added it into that and it worked.

Turns out we're running a multitude of versions here so your answer reflects version pre 8.3 but it was still helpful

Site to Site to Site VPN

Hello A.farnell,

Glad to hear that I could help,

Check my blog at http:laguiadelnetworking.com for further information.


Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
298
Views
0
Helpful
3
Replies
CreatePlease to create content