Allow vpn client down a site to site tunnel from router A to router B

 
 
tweety
Guest
Posts: n/a
 
      07-29-2008
Hi there,

I was wondering if the following is possible?

I am terminating a vpn client ( pool 10.10.10.0 /24 ) onto router A
and allowing access to 192.168.100.0 /24 , this is router A's local
lan. Router A also has a site to site VPN to router B. This is from
net 192.168.100.0 /24 to 192.168.200.0 /24 This is as follows.....

Remote Client 10.10.10.0 /24
|
|
192.168.100.0 /24>>Router A>><<Router B<<192.168.200.0 /24

Is there any way that the remote client would be able to go down the
Site to site VPN and see Router B's lan?

I am looking for the remote clients to be able to access resources on
Router B's lan.

Thanks for any help or pointers anyone can provide.

Andrew
 
Uli Link
Guest
Posts: n/a
 
      07-31-2008
tweety wrote:
>
> I am terminating a vpn client ( pool 10.10.10.0 /24 ) onto router A
> and allowing access to 192.168.100.0 /24 , this is router A's local
> lan. Router A also has a site to site VPN to router B. This is from
> net 192.168.100.0 /24 to 192.168.200.0 /24 This is as follows.....
>
> Remote Client 10.10.10.0 /24
> |
> |
> 192.168.100.0 /24>>Router A>><<Router B<<192.168.200.0 /24
>
> Is there any way that the remote client would be able to go down the
> Site to site VPN and see Router B's lan?
>
> I am looking for the remote clients to be able to access resources on
> Router B's lan.


On Router B there must be a route to 10.10.10.0/24 via the tunnel to
192.168.100.1 (or better use the ip of the tunnel interface of Router A
facing to Router B), so traffic from LAN B back to the VPN client is
finding its way.

Perhaps you may consider the tunnel between Router A and Router B a GRE
over IPsec tunnel instead of pure IPsec which cannot use a routing
protocol. With the old crypto map syntax and static routes it is also
possible but config will soon become quite ugly.
Beware the execution order of NAT, Firewall and IPsec encryption.

--
Uli
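
The return-route requirement from the reply above can be checked with a small model; this is an added example, not part of the original post. The three subnets come from the thread, while the interface labels, host addresses and routing tables are constructed assumptions, and the model covers route selection only, not IPsec policy matching or NAT.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table.items()]
    hits = [(net, hop) for net, hop in hits if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Constructed routing tables; subnets are from the thread, labels are hypothetical.
ROUTER_A = {
    "192.168.100.0/24": "lan-a",
    "10.10.10.0/24": "client-vpn",
    "192.168.200.0/24": "tunnel-to-b",
    "0.0.0.0/0": "internet",
}
ROUTER_B_BEFORE = {
    "192.168.200.0/24": "lan-b",
    "192.168.100.0/24": "tunnel-to-a",
    "0.0.0.0/0": "internet",
}
# Same table plus the route back to the VPN client pool via the tunnel.
ROUTER_B_AFTER = {**ROUTER_B_BEFORE, "10.10.10.0/24": "tunnel-to-a"}

def round_trip(router_a, router_b, client, server):
    """Check client -> server -> client hop by hop; return (ok, reason)."""
    checks = [
        ("A", router_a, server, "tunnel-to-b"),  # request enters the tunnel
        ("B", router_b, server, "lan-b"),        # request reaches LAN B
        ("B", router_b, client, "tunnel-to-a"),  # reply re-enters the tunnel
        ("A", router_a, client, "client-vpn"),   # reply reaches the client
    ]
    for name, table, dst, expected in checks:
        hop = lookup(table, dst)
        if hop != expected:
            return False, f"router {name} sends {dst} to {hop}, expected {expected}"
    return True, "symmetric path"

if __name__ == "__main__":
    for label, table_b in (("before", ROUTER_B_BEFORE), ("after", ROUTER_B_AFTER)):
        print(label, round_trip(ROUTER_A, table_b, "10.10.10.5", "192.168.200.20"))
```

In the "before" table, replies to the client pool match only Router B's default route and leave outside the tunnel.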

 
desperado618 desperado618 is offline
Junior Member
Join Date: Aug 2008
Posts: 8
 
      08-03-2008
I have been asked this several times and always ended up doing some very creative routing. Hairpinning will also need to be turned on since Clients from Router A and the VPN to Router B are behind the same interface.

If split tunneling is not turned on for the client VPN, all traffic will be allowed to the internet with Hairpinning turned on since interface acls will not be applied.

I honestly don't think this will work, however I wish you luck and look forward to your results.

www.netleets.com
IT Security News, Forums, and Information, in plain English
 