Site to Site IPSec VPN

Dear friends, I need your help on Site to Site IPSec VPN. My company has a new requirement of connecting another client office with a Site to Site IPSec VPN. They have arranged all the required equipment and an internet link. As per my previous configuration of Site to Site IPSec VPN, I have allowed only one subnet in the access list; now the requirement is different, which I have not done previously. As per the attached diagram, I actually have to allow the server VLAN (172.10.70.0/25), or to say the other side's network wants to reach the Server VLAN of my office. How do I go about this? Your help with configurations will be highly helpful. Also, the other side's network will be taken care of by their own network team. Regards, Amit Kulshrestha.

2 Replies

Cisco Freak (Level 4)

Hi Amit,

I don't know if I understood your question correctly.

But you can define the ACL to permit only your server VLAN to initiate the site to site VPN tunnel and restrict any other traffic in that ACL.

Please clarify your exact requirement in detail so that we can suggest other options.

CF

Hi CF, thanks for your concern. OK, let me clarify my requirement. As you will see in the diagram, I have an existing network running up to the Juniper FW; on the Juniper FW I have a Server VLAN with the IP schema 172.10.70.0/25. Now there is a new client coming; they want to access our Server VLAN. We are connecting them with a site to site IPSec VPN. For this I have one new Cisco router with IPSec VPN features, one internet link and one new local LAN IP schema, 192.168.1.0/24, which I will be configuring on the new Cisco router's local LAN interface; this acts as the communicating IP schema with the Juniper FW. The internet link I will configure on the WAN interface of the new Cisco router for the IPSec VPN. Now the client actually wants to access the Server VLAN, that is 172.10.70.1/25. As you see, there are two local IP schemas below the new Cisco router's WAN interface, 172.10.70.1/25 and 192.168.1.0/24. Now imagine that the IPSec VPN is up and running and the client network wants to access the Server VLAN below the Juniper FW: the client will first cross the IPSec tunnel, then land on the local LAN interface of the new Cisco router, 192.168.1.0/24. How will they reach the Server VLAN below the Juniper FW? How will two different IP subnets be permitted in the access-list?

I hope you can understand me. For anything else, feel free to ask. Regards, Amit
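
As an added illustration (not code from the thread or either poster), here is an IOS-style crypto map for the new Cisco router whose crypto ACL carries one permit line per local subnet, which is how two subnets end up in the same tunnel; the client's subnet, peer address, pre-shared key and WAN addressing are placeholders because the thread does not give them, and the Juniper's inside address 192.168.1.2 is assumed.

```cisco
! Added example, not from the thread. Placeholders in <angle brackets> and the
! client subnet 10.0.0.0/24 are assumed values; replace them with the real ones.
!
! Crypto ACL: one permit line per local subnet. Each line becomes its own
! IPsec SA (proxy identity) and must be mirrored exactly on the client side.
ip access-list extended VPN-INTERESTING
 remark Server VLAN behind the Juniper FW -> client network
 permit ip 172.10.70.0 0.0.0.127 10.0.0.0 0.0.0.255
 remark New router local LAN -> client network
 permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255
!
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRESHARED-KEY> address <CLIENT-PUBLIC-IP>
!
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer <CLIENT-PUBLIC-IP>
 set transform-set TS
 match address VPN-INTERESTING
!
interface GigabitEthernet0/0
 description WAN / Internet link
 ip address <WAN-IP> <WAN-MASK>
 crypto map VPN-MAP
!
interface GigabitEthernet0/1
 description Local LAN toward the Juniper FW
 ip address 192.168.1.1 255.255.255.0
!
! Forward path: the router must know the server VLAN sits behind the Juniper
! (assumed Juniper inside address 192.168.1.2), otherwise decrypted packets
! for 172.10.70.0/25 have no route.
ip route 172.10.70.0 255.255.255.128 192.168.1.2
!
! Return path (on the Juniper, not shown): a route for the client subnet
! pointing at 192.168.1.1, so replies re-enter the tunnel. If the WAN
! interface also does NAT overload, exempt the VPN-INTERESTING traffic from
! NAT or the crypto ACL will never match the translated source addresses.
```

The same two-subnet pairing is needed on the client router with source and destination swapped; a mismatch between the two crypto ACLs is the usual reason only one of the subnets comes up.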
