Allow vpn client down a site to site tunnel from router A to router B

Discussion in 'Cisco' started by tweety, Jul 29, 2008.

  1. tweety

    tweety Guest

    Hi there,

    I was wondering if the following is possible?

    I am terminating a vpn client ( pool /24 ) onto router A
    and allowing access to /24 , this is router A's local
    lan. Router A also has a site to site VPN to router B. This is from
    net /24 to /24 This is as follows.....

    Remote Client /24
    | /24>>Router A>><<Router
    B<< /24

    Is there any way that the remote client would be able to go down the
    site-to-site VPN and see Router B's LAN?

    I am looking for the remote clients to be able to access resources on
    Router B's LAN.

    Thanks for any help or pointers anyone can provide.

    tweety, Jul 29, 2008

  2. Uli Link

    Uli Link Guest

    On Router B there must be a route to via the tunnel to (or better use the IP of the tunnel interface of Router A
    facing to Router B), so traffic from LAN B back to the VPN client is
    finding its way.

    Perhaps you may consider the tunnel between Router A and Router B a GRE
    over IPsec tunnel instead of pure IPsec which cannot use a routing
    protocol. With the old crypto map syntax and static routes it is also
    possible but config will soon become quite ugly.
    Beware the execution order of NAT, Firewall and IPsec encryption.
    Uli Link, Jul 31, 2008

  3. desperado618


    I am interested in viewing the configuration if you get this working.

    I have been asked this several times and always ended up doing some very creative routing. Hairpinning will also need to be turned on since clients from Router A and the VPN to Router B are behind the same interface.

    If split tunneling is not turned on for the client VPN, all traffic will be allowed to the internet with hairpinning turned on since interface ACLs will not be applied.

    I honestly don't think this will work, however I wish you luck and look forward to your results.
    desperado618, Aug 3, 2008
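
An added configuration sketch, not posted by anyone in this thread, of the pieces the replies point to: the client pool in the site-to-site traffic selectors on both routers, and a split-tunnel ACL so only the two LANs ride the client VPN. It assumes classic crypto map IPsec with an Easy VPN server group on Router A; all addresses, ACL names and numbers, the group name and the map name are constructed placeholders.

```cisco
! Constructed addressing (assumed, not from the thread):
!   LAN A 192.168.1.0/24, LAN B 192.168.2.0/24, VPN client pool 192.168.50.0/24
! Only the lines relevant to the client-to-LAN-B path are shown; peer,
! transform set and key settings of the existing crypto map entry are unchanged.
!
! ---- Router A ----
ip local pool VPN-POOL 192.168.50.1 192.168.50.254
!
! Crypto ACL for the site-to-site tunnel: LAN A plus the client pool
ip access-list extended S2S-TO-B
 remark LAN A to LAN B
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 remark VPN client pool to LAN B
 permit ip 192.168.50.0 0.0.0.255 192.168.2.0 0.0.0.255
!
! Split-tunnel ACL: only these networks are sent through the client VPN,
! so client internet traffic never turns around on Router A's outside interface
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
access-list 110 permit ip 192.168.2.0 0.0.0.255 any
!
crypto isakmp client configuration group REMOTE-USERS
 pool VPN-POOL
 acl 110
!
crypto map OUTSIDE-MAP 10 ipsec-isakmp
 match address S2S-TO-B
!
! ---- Router B ----
! Exact mirror of S2S-TO-B; without the second entry, replies from LAN B
! to the client pool are not encrypted back toward Router A
ip access-list extended S2S-TO-A
 remark LAN B to LAN A
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 remark LAN B to VPN client pool
 permit ip 192.168.2.0 0.0.0.255 192.168.50.0 0.0.0.255
!
crypto map OUTSIDE-MAP 10 ipsec-isakmp
 match address S2S-TO-A
```

Where NAT runs on either router, the pool-to-LAN-B flows also need the same NAT exemption as the existing LAN-to-LAN traffic, per the order-of-operations caveat in the second reply.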