2 Replies Latest reply on Sep 26, 2013 7:01 AM by touristsis

    3 sites A, B, and C.  How can I communicate between all three via VPN.

    touristsis Visitor

      I have three sites:

      A.  Main site.  Static ip address - 192.168.150.0/24
      B.  Remote site.  Static ip address - 10.10.150.0/24
      C.  Remote site.  DHCP ip address - 10.10.50.0/24

      Site B ------------GRE OVER IPSEC------------------------Site A--------------VPN IPSEC-------------------------------------------------Site C (does not have static ip address).

      Is it possible for me to communicate between site B and C without creating a VPN between C and B?  Can I somehow just route B and C through A?

        • Re: 3 sites A, B, and C.  How can I communicate between all three via VPN.
          vmaxdawg05 Past_Featured_Member

          Yes, if you configure your traffic selectors with the other two VPNs (A and B) & (A and C).  They call it hairpinning in the Cisco world.

           

          In the VPN between A and B, include the Site C network 10.10.50.0 /24 in the source along with the Site A network 192.168.150.0 /24.

           

          Example of the traffic selector:

          Site A VPN to site B

          ip access-list extended VPN-10-vpn-selectors
            permit ip 192.168.150.0 0.0.0.255  10.10.150.0 0.0.0.255
            permit ip 10.10.50.0 0.0.0.255  10.10.150.0 0.0.0.255

          Site A VPN to C

          ip access-list extended VPN-20-vpn-selectors
            permit ip 192.168.150.0 0.0.0.255  10.10.50.0 0.0.0.255
            permit ip 10.10.150.0 0.0.0.255  10.10.50.0 0.0.0.255

          Site B VPN to A

          ip access-list extended VPN-10-vpn-selectors
            permit ip 10.10.150.0 0.0.0.255  192.168.150.0 0.0.0.255
            permit ip 10.10.150.0 0.0.0.255  10.10.50.0 0.0.0.255

          Site C VPN to A

          ip access-list extended VPN-10-vpn-selectors
            permit ip 10.10.50.0 0.0.0.255  192.168.150.0 0.0.0.255
            permit ip 10.10.50.0 0.0.0.255  10.10.150.0 0.0.0.255


          This will allow the traffic from C to travel in to A and then out to B.   Same goes the other way with B to C.

          Just keep in mind that A will be using more bandwidth and CPU.
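
An added example, not part of the original thread: a small Python check that the four selector lists posted above mirror each other on both ends of each tunnel and that the B-to-C and C-to-B pairs are selected on both legs through A. The function names (`parse`, `mirror_mismatches`, `hairpin_ok`) and the `SITES`/`SELECTORS` layout are hypothetical; only the networks and ACL entries come from the posts.

```python
import ipaddress

# Site networks and traffic selectors as posted in the answer above.
SITES = {name: ipaddress.ip_network(cidr) for name, cidr in
         {"A": "192.168.150.0/24", "B": "10.10.150.0/24", "C": "10.10.50.0/24"}.items()}
SELECTORS = {  # key: (device holding the ACL, VPN peer)
    ("A", "B"): ["permit ip 192.168.150.0 0.0.0.255  10.10.150.0 0.0.0.255",
                 "permit ip 10.10.50.0 0.0.0.255  10.10.150.0 0.0.0.255"],
    ("A", "C"): ["permit ip 192.168.150.0 0.0.0.255  10.10.50.0 0.0.0.255",
                 "permit ip 10.10.150.0 0.0.0.255  10.10.50.0 0.0.0.255"],
    ("B", "A"): ["permit ip 10.10.150.0 0.0.0.255  192.168.150.0 0.0.0.255",
                 "permit ip 10.10.150.0 0.0.0.255  10.10.50.0 0.0.0.255"],
    ("C", "A"): ["permit ip 10.10.50.0 0.0.0.255  192.168.150.0 0.0.0.255",
                 "permit ip 10.10.50.0 0.0.0.255  10.10.150.0 0.0.0.255"],
}

def parse(entry):
    """'permit ip SRC WILDCARD DST WILDCARD' -> (src_network, dst_network)."""
    words = entry.split()
    if len(words) != 6 or words[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported selector: {entry!r}")
    # ipaddress accepts the wildcard (host-mask) form used in these ACLs.
    return (ipaddress.ip_network(f"{words[2]}/{words[3]}"),
            ipaddress.ip_network(f"{words[4]}/{words[5]}"))

def mirror_mismatches(selectors):
    """Entries whose reversed (dst, src) pair is missing on the peer's ACL."""
    parsed = {key: {parse(e) for e in acl} for key, acl in selectors.items()}
    missing = []
    for (dev, peer), pairs in parsed.items():
        for src, dst in sorted(pairs):
            if (dst, src) not in parsed.get((peer, dev), set()):
                missing.append((dev, peer, str(src), str(dst)))
    return missing

def hairpin_ok(selectors, hub, src_site, dst_site):
    """True if src_site -> dst_site is selected on both legs through the hub."""
    want = (SITES[src_site], SITES[dst_site])
    legs = [(src_site, hub), (hub, dst_site)]
    return all(want in {parse(e) for e in selectors.get(leg, [])} for leg in legs)

if __name__ == "__main__":
    print("mirror mismatches:", mirror_mismatches(SELECTORS))
    for s, d in (("B", "C"), ("C", "B")):
        print(f"{s} -> {d} via A:", hairpin_ok(SELECTORS, "A", s, d))
```

An empty mismatch list means every selector on one end has its reversed pair on the other end; a selector present on only one side shows up as a tuple naming the device, the peer and the unmatched source and destination networks.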