Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
862
Views
0
Helpful
5
Replies

connecting 3 sites

tallpaulroe
Level 1
Level 1

‎08-17-2011 07:13 AM - edited ‎03-04-2019 01:18 PM

i need a little help in connecting 3 sites

site A  10.x.x.x networks

site B 192.168.x.x  networks

site C 192.168.x.x networks

we also need to connect over the internet

site A has around 30 devices that will send data to a server at site B

site B has a server that will from time to time request data from the devices at Site A

Site D needs to access the devices at Site A for development support only

my thoughts were that i need static NAT for the 30 ish devices at Site A

then a 2 VPN's from site A to site's B and C.

so i kind of thought that i would end up with this kind of setup

site A 10.x.x.x--R1(doing Static NAT)--Firewall/Router------Internet-------Firewall/router---R2(doing Static Nat)---Site C 192.168.x.x

                                                                                                 |

                                                                                                 |__Firewall/router----R3(doing static NAT)--- Site B 192.168.x.x

am i heading in the right direction??

Labels:
0 Helpful
5 Replies 5

mvsheik123
Level 7
Level 7

‎08-17-2011 02:27 PM

Hi,

As you already figured this out, your best best bet would be VPN. If the VPN tunnel is UP, you do not need static NAT for the IPsto reach the other site . (only if they need to goto internet- then you can think about it, provided you got enough public IPs). Also, for side D - make sure to include only developement subnet at siteA in the interesting traffic ACLs. All the best.

Thx

MS

0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni

‎08-17-2011 05:54 PM

The best and easiest way is to use DMVPN

This will let you have a hub and spoke topology over the Internet with multipoint gre tunnels protected by IPSec for security

Also these mgre tunnel let you have multicasting and dynamic routing to be run between your sites for full connectivity

Also you can have only one public static ip over internet on the hub

And spoke to spoke can go direct without going through

The hub

Please search

Google or cisco.com about DMVPN

HTH

If helpful rate

Sent from Cisco Technical Support iPhone App

0 Helpful

tallpaulroe
Level 1
Level 1
In response to Marwan ALshawi

‎08-18-2011 12:35 AM

could i do this with an ASA at each site?

0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni
In response to tallpaulroe

‎08-18-2011 01:07 AM

NO you need a router

however if you have ASA connected to the Internet and a router behind it then you can do NAT and ACL permitting GRE to the router inside the LAN

if you do not have rouer in each site only ASAs then you can use cleint server VPN also know as easy VPN on the ASA

http://tekcert.com/blog/2011/03/17/asa5510-asa5505-easy-vpn-server-client-configuration-sample

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ezvpn505.html

HTH

if helpful Rate

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card