Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
372
Views
0
Helpful
4
Replies

site-to-site vpn tunnel problems....

brutus_27
Level 1
Level 1

‎11-02-2006 09:16 AM

Hello,

I have a small problem I need to get users access from site a to site b. However Site A connects to the central office through a site-to-site vpn and site b is also connected to the central office through a site-to-site vpn tunnel. The central office can ping both site a and b and site a and b can ping the central office however. Site a cannot ping site b. I would like for users from site a to see the shared drive on the server at site b, however the central office router isn't passing the traffic, I think. Is there a command or a set of commands that I need to enter on the central office to allow for the traffic to be passed? Or do I simply need to setup a vpn tunnel from site a to b? If so where can I find a good how to?

thanks,

Zeb

PS central office is a Cisco 1841 and site a and b are both Cisco 851w's

Labels:
0 Helpful
4 Replies 4

ajagadee
Cisco Employee
Cisco Employee

‎11-02-2006 11:05 AM

Zeb,

Looks like you want to have VPN Tunnel communication between the spokes using the Hub Site.

Please refer the below URL for configuration details and explanation:

Configuring IPSec Router-to-Router Hub and Spoke with Communication Between the Spokes

http://cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093dc8.shtml

I hope it helps.

Regards,

Arul

** Please rate all helpful posts **

0 Helpful

brutus_27
Level 1
Level 1
In response to ajagadee

‎11-02-2006 03:05 PM

Arul,

That link was very helpful however I was looking over the configurations and noticed the only difference was they had an ip route for each subnet and I have a single ip route of 0.0.0.0 0.0.0.0 S0/0/0. Would that affect pinging from site a to site b? Thanks for your help

Zeb

0 Helpful

jaffer_sathik2010
Level 1
Level 1
In response to ajagadee

‎11-02-2006 09:18 PM

Hi Arul,

I will be very thankful if you clear my doubt . Here is my query .

In the Hub router configuration. the routes are like that.

ip route 172.16.1.0 255.255.255.0 Ethernet0

ip route 192.168.1.0 255.255.255.0 Ethernet0

ip route 200.1.0.0 255.255.0.0 Ethernet0

Three different subnet's will exit via ethernet0. but Two sperate tunnel is connected with the 'ethernet0'interface for two different spokes . In that case how the hub router will make the routing decision when spaoke 'A' want to communicates with spoke 'B'.0 .

My thinking is instead of specifying the 'interface' in the routing command why can't we specify the remote end gateway IP adderss for the respective subnets ?

can we change the routing commands like this ?

ip route 172.16.1.0 255.255.255.0 200.1.2.1

ip route 192.168.1.0 255.255.255.0 200.1.3.1

ip route 200.1.0.0 255.255.0.0 Ethernet0

Thanks in Advance ,

--Jaffer

0 Helpful

martin_lx1980
Level 1
Level 1
In response to jaffer_sathik2010

‎11-06-2006 12:29 AM

Jaffer:

Configuration of Acl and route can tell you how the hub router will make the routing decision when spoke 'A' want to communicates with spoke 'B'.

When Spoke 1(172.16.1.0/24) want to pass traffic to Spoke 2(192.168.1.0/24),Spoke 1 will setup ipsec tunnel with Hub.When Hub receives the traffic from Spoke 1 that want to visit Spoke 2,according to the configuration of HUB

crypto map mymap 20 ipsec-isakmp

set peer 200.x.x.1

set transform-set myset

match address 120

access-list 120 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255

ip route 192.168.1.0 255.255.255.0 Ethernet0

HUB will setup ipsec tunnel with Spoke 2.

Martin

0 Helpful
Customers Also Viewed These Support Documents