IPSec VPN- GRE tunnel

Joe Lee · ‎08-31-2011

Hi all-

Attached is the network diagram.

We have few sites using site to site VPN IPSec tunnel and they all are connected back to Cisco ASA in our HQ. The hosts from one of VPN sites (site A)acceses to the hosts in the other VPN sites (Site B in the diagram) without any issues, but we have one site (Site D in the diagram) is using GRE over IPSec, we are using router to router setup, and in HQ, the router is connected to the Cisco ASA. The hosts in local site (Site C in the diagram) can access the hosts in site D without any issues, but the hosts in site A or site B are not able to access any hosts to site C; If we generate the traffic in Site D to the hosts in Site A or B, and the hosts are able to access to site D, also, we need to gererate traffic by each host in Site D, e.g. if we don't generate the traffic host#1 in site D, the hosts in Site A or B won't be able to acces to the host #1 in Site D. Any idea?

Regards,

Joe

Federico Coto Fajardo · ‎08-31-2011

Hi,

As far as I understand you can only initiate the tunnel from Site D (not from Site A or B) is that correct?

Are you using dynamic IPs on the outside interfaces?

Can you share a bit more information of the scenario to try to help you out?

Federico.

Fabio Francisco · ‎08-31-2011

Hi Joe,

The fact that you can access sites A and B from D makes me wonder if there is any rule in your firewall blocking sites A and B to access site D.

Try to run packet tracer and see if there is any rule blocking your traffic.

.

Cheers,

Fabio

Joe Lee · ‎09-02-2011

Thank you guys, I just found that there is a nat'ing issue on the ASA.