Allow vpn client down a site to site tunnel from router A to router B

Discussion in 'Cisco' started by tweety, Jul 29, 2008.

  1. tweety

    tweety Guest

    Hi there,

    I was wondering if the following is possible?

    I am terminating a vpn client ( pool 10.10.10.0 /24 ) onto router A
    and allowing access to 192.168.100.0 /24 , this is router A's local
    lan. Router A also has a site to site VPN to router B. This is from
    net 192.168.100.0 /24 to 192.168.200.0 /24 This is as follows.....

    Remote Client 10.10.10.0 /24
    |
    |
    192.168.100.0 /24>>Router A>><<Router B<<192.168.200.0 /24

    Is there any way that the remote client would be able to go down the
    Site to site VPN and see Router B's lan?

    I am looking for the remote clients to be able to access resources on
    Router B's lan.

    Thanks for any help or pointers anyone can provide.

    Andrew
     
    tweety, Jul 29, 2008
    #1

  2. tweety

    Uli Link Guest

    Re: Allow vpn client down a site to site tunnel from router A to router B

    tweety wrote:
    >
    > I am terminating a vpn client ( pool 10.10.10.0 /24 ) onto router A
    > and allowing access to 192.168.100.0 /24 , this is router A's local
    > lan. Router A also has a site to site VPN to router B. This is from
    > net 192.168.100.0 /24 to 192.168.200.0 /24 This is as follows.....
    >
    > Remote Client 10.10.10.0 /24
    > |
    > |
    > 192.168.100.0 /24>>Router A>><<Router B<<192.168.200.0 /24
    >
    > Is there any way that the remote client would be able to go down the
    > Site to site VPN and see Router B's lan?
    >
    > I am looking for the remote clients to be able to access resources on
    > Router B's lan.


    On Router B there must be a route to 10.10.10.0/24 via the tunnel to
    192.168.100.1 (or better use the ip of the tunnel interface of Router A
    facing Router B), so traffic from LAN B back to the VPN client
    finds its way.

    Perhaps you may consider the tunnel between Router A and Router B a GRE
    over IPsec tunnel instead of pure IPsec which cannot use a routing
    protocol. With the old crypto map syntax and static routes it is also
    possible but config will soon become quite ugly.
    Beware the execution order of NAT, Firewall and IPsec encryption.

    --
    Uli
     
    Uli Link, Jul 31, 2008
    #2
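
The return-path point from reply #2, as an added example that is not part of the thread: with the crypto map approach Uli mentions, the crypto ACL decides what enters the tunnel, so both routers need mirrored entries covering the client pool as well as the LAN pair. The ACL contents and function names below are constructed for illustration, using the subnets from the question.

```python
import ipaddress

# Constructed crypto ACL entries (IOS extended-ACL syntax) using the
# subnets from the question; the ACL contents are assumptions.
ROUTER_A_ACL = """
permit ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255
permit ip 10.10.10.0 0.0.0.255 192.168.200.0 0.0.0.255
"""
ROUTER_B_BEFORE = """
permit ip 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255
"""
ROUTER_B_AFTER = ROUTER_B_BEFORE + """
permit ip 192.168.200.0 0.0.0.255 10.10.10.0 0.0.0.255
"""

def selectors(acl_text):
    """Parse 'permit ip <src> <wildcard> <dst> <wildcard>' lines into (src, dst) pairs."""
    pairs = set()
    for line in acl_text.splitlines():
        f = line.split()
        if len(f) == 6 and f[:2] == ["permit", "ip"]:
            # ipaddress accepts a Cisco-style wildcard as a host mask
            pairs.add((ipaddress.ip_network(f"{f[2]}/{f[3]}"),
                       ipaddress.ip_network(f"{f[4]}/{f[5]}")))
    return pairs

def audit(acl_a, acl_b, pool="10.10.10.0/24", lan_b="192.168.200.0/24"):
    """Return a list of problems that would stop pool <-> LAN B traffic."""
    a, b = selectors(acl_a), selectors(acl_b)
    pool, lan_b = ipaddress.ip_network(pool), ipaddress.ip_network(lan_b)
    problems = []
    if not any(pool.subnet_of(s) and lan_b.subnet_of(d) for s, d in a):
        problems.append("A: client pool -> LAN B is not sent into the tunnel")
    if not any(lan_b.subnet_of(s) and pool.subnet_of(d) for s, d in b):
        problems.append("B: no return path LAN B -> client pool via the tunnel")
    # Entries must mirror each other, or phase 2 negotiation for that pair fails.
    for s, d in sorted(a - {(d, s) for s, d in b}, key=str):
        problems.append(f"B: missing mirror of A entry {s} -> {d}")
    for s, d in sorted(b - {(d, s) for s, d in a}, key=str):
        problems.append(f"A: missing mirror of B entry {s} -> {d}")
    return problems

if __name__ == "__main__":
    print(audit(ROUTER_A_ACL, ROUTER_B_BEFORE))  # two findings, both on Router B
    print(audit(ROUTER_A_ACL, ROUTER_B_AFTER))   # []
```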

  3. tweety

    desperado618

    Joined: Aug 3, 2008
    Messages: 8
    I am interested in viewing the configuration if you get this working.

    I have been asked this several times and always ended up doing some very creative routing. Hairpinning will also need to be turned on since clients from Router A and the VPN to Router B are behind the same interface.

    If split tunneling is not turned on for the client VPN, all traffic will be allowed to the internet with Hairpinning turned on since interface acls will not be applied.

    I honestly don't think this will work, however I wish you luck and look forward to your results.

    www.netleets.com
    IT Security News, Forums, and Information, in plain English
     
    desperado618, Aug 3, 2008
    #3