Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
247
Views
0
Helpful
4
Replies

Multi Network Site to Site

davidbl02
Level 1
Level 1

‎04-24-2016 05:54 PM - edited ‎03-08-2019 05:28 AM

I have 3 sites, 1 HQ site with a static IP and 2 remote sites with dynamic IPs. Each site has 4 separate networks, all with the same address spaces. For security reasons, I only want 1 to have internet access.

Site one

network 1

VLAN 10, IP 10.10.0.0  255.255.255.0 No internet access

network 2

VLAN 2 data, 10.2.0.0  255.255.255.0 No internet access

VLAN 3 Voice, 10.3.0.0  255.255.255.0 No internet access

network 3

VLAN 12 data, 10.2.0.0  255.255.255.0  internet access

VLAN 13 Voice, 10.3.0.0  255.255.255.0  internet access

network 4

VLAN 200 data, 10.2.0.0  255.255.255.0  No internet access

VLAN 300 Voice, 10.3.0.0  255.255.255.0  No internet access

Site two

network 1

VLAN 10, IP 10.10.1.0  255.255.255.0 No internet access

network 2

VLAN 2 data, 10.2.1.0  255.255.255.0 No internet access

VLAN 3 Voice, 10.3.1.0  255.255.255.0 No internet access

network 3

VLAN 12 data, 10.2.1.0  255.255.255.0  internet access

VLAN 13 Voice, 10.3.1.0  255.255.255.0  internet access

network 4

VLAN 200 data, 10.2.1.0  255.255.255.0  No internet access

VLAN 300 Voice, 10.3.1.0  255.255.255.0  No internet access

and so on....

How many router will I need, and how can I connect the sites over the internet. I considered DMVPN, however I keep running into the problem of how to keep the separate networks from router to each other. I would like to have 1 VPN and trunk the other networks over network 3, the network that will have internet access.

Labels:
0 Helpful
4 Replies 4

Philip D'Ath
VIP Alumni
VIP Alumni

‎04-25-2016 03:58 AM

This is going to result in a complex configuration - something you probably don't want.

With only 2 remote sites I would renumber the conflicting networks.

Otherwise what you are going to have to do is NAT the conflicting address spaces to another address space first that is unique, and run that over the VPNs.

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to Philip D'Ath

‎04-25-2016 04:00 AM

If you really don't want to renumber you could also look at using EasyVPN, which has some abilities to NAT subnets automatically.

http://www.cisco.com/c/en/us/products/collateral/security/ios-easy-vpn/eprod_qas0900aecd805358e0.html

I recommend you renumber the networks.

0 Helpful

davidbl02
Level 1
Level 1
In response to Philip D'Ath

‎04-25-2016 09:38 AM

Could I use DMVPN?

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to davidbl02

‎04-25-2016 01:04 PM

You can use DMVPN if you make all the subnets unique.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card