Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
989
Views
40
Helpful
2
Replies

L2L vpns on ISR4331 - how to hairpin the traffic

mihai.vasc
Level 1
Level 1

‎02-25-2022 12:47 AM

Hello all,

There are two L2L vpns to 2 different partners configured on the same Cisco ISR4331 router. Now, beside the other traffic (to the lan of ISR4331), the 2 partners needs to communicate to each other like PartnerA -L2L->  ISR4331 -L2L-> PartnerB. basically the traffic coming over one L2L vpn to be "hairpined"  (on the same physical interface) to the other L2L vpn.

There is no NAT configured on the ISR4331 router for none of the vpns.

I know on ASA there was a command same-security-traffic permit intra-interface... Is there something similar for ISR routers??? Or anything else to make this setup working?

Thanks and best regards,

2 Replies 2

MHM Cisco World
VIP
VIP

‎02-25-2022 05:32 AM

nice Question, 
try 
config two VTI
VTI-1 receive packet form the L2L Site 1 
VTI-2 send the packet toward the L2L Site 2 
note:- config the IPSec profile under the VTI after check the solution is OK.
hope this work.

mihai.vasc
Level 1
Level 1
In response to MHM Cisco World

‎02-25-2022 06:16 AM

Hi, yes, that it should work for sure, but unfortunately I cannot use VTI for these L2L vpn. Remote ends are not under my management and VTI solution is not an options.

Both L2L are using crypto map on the same interface on ISR4331.

thanks anyway

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card