Routing multiple subnets over a site to site VPN

tsabsuavyaj
Level 1

What is the recommended solution to route multiple subnets over a site-to-site VPN? Does each subnet require its own policy, or can one policy be used for one or more subnets if the remote site has more than one subnet? Also, if the remote site router has only two FastEthernet interfaces, will it work if I configure one of the interfaces with a subinterface or as a router on a stick?

Accepted Solutions

Jitendra Siyag
Level 1

If you are talking about static routing, then you can simply add the routes and modify the ACL for encrypted traffic accordingly.

If you want to run dynamic routing, then you will have to use IPsec VTI. Here is the link:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html#wp1063136

And though I have not used subinterfaces for IPsec VTI, according to me it will work.

Thank you, that's what I wanted to hear.

Hardik Vaidh
Level 1

You can configure a loopback host and set it as the peer for your remote site, and modify the ACL for encrypted traffic accordingly.

You have to configure NAT also and create one ACL for NAT. Deny your remote site IP on the NAT ACL.

I did and yes it worked as expected.

Thanks,
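
A check for the two ACL changes described in the answers above (the ACL for encrypted traffic and the NAT ACL), as an added example that is not part of the original thread: it parses named extended ACLs from two routers and reports crypto ACL entries that are not mirrored on the peer or not denied in the NAT ACL ahead of its first permit. The ACL names, addresses and configs are constructed for illustration, and entries are compared by exact match rather than subnet containment.

```python
import re

# Constructed sample configs; ACL names and addresses are assumptions.
SITE_A = """
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.0.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip 10.1.0.0 0.0.0.255 192.168.30.0 0.0.0.255
ip access-list extended NAT-ACL
 deny ip 10.1.0.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip 10.1.0.0 0.0.0.255 any
"""
SITE_B = """
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.20.0 0.0.0.255 10.1.0.0 0.0.0.255
 permit ip 192.168.30.0 0.0.0.255 10.1.0.0 0.0.0.255
"""

# One ACL entry: action, then source and destination ("net wildcard" or "any").
ENTRY = re.compile(r"^\s+(permit|deny) ip (\S+ \S+|any) (\S+ \S+|any)\s*$")

def parse_acls(config):
    """Return {acl_name: [(action, src, dst), ...]} for named extended ACLs."""
    acls, current = {}, None
    for line in config.splitlines():
        head = re.match(r"^ip access-list extended (\S+)", line)
        if head:
            current = acls.setdefault(head.group(1), [])
        elif current is not None and (m := ENTRY.match(line)):
            current.append(m.groups())
    return acls

def crypto_flows(acls, name="VPN-TRAFFIC"):
    """(src, dst) pairs selected for encryption by the crypto ACL."""
    return [(s, d) for a, s, d in acls.get(name, []) if a == "permit"]

def unmirrored(local, remote):
    """Local crypto flows with no reversed (dst, src) entry on the peer."""
    peer = set(crypto_flows(remote))
    return [(s, d) for s, d in crypto_flows(local) if (d, s) not in peer]

def missing_nat_exemption(acls, nat="NAT-ACL"):
    """Crypto flows not denied in the NAT ACL before its first permit."""
    exempt = set()
    for action, s, d in acls.get(nat, []):
        if action == "permit":
            break  # entries after the first permit no longer exempt anything
        exempt.add((s, d))
    return [f for f in crypto_flows(acls) if f not in exempt]
```

On the sample input, the second remote subnet is in the crypto ACL on both sides but lacks its NAT deny, so that traffic would be translated before it is compared against the crypto ACL and would no longer match it.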

 