
connecting a subnet by connecting through anyconnect to HQ and ipSec tunnel to a customer

sfarazaz123
Level 1

Hi All respected members.

I am not an expert in VPN domain. My question is 

client--------------------------->HQ-------------------------------------->Partner subnet

            anyconnect                            IPsec tunnel

So my scenario is like this:

Our HQ wants to connect the clients to the Partner subnet through HQ.

Clients have no information about the Partner, only the subnet they will be allowed.

Partner doesn't have my information about clients.

They just want to access some resources through HQ.

They don't want a direct tunnel from clients to Partner.

Q: How should I solve this request? Please be clear in your answers so that I can understand correctly.

Thanks in advance

Faraz

 

2 Replies

Boris Uskov
Level 4

Hello,

Yes, the task can be solved. The easiest way, from my point of view, is to configure dynamic NAT for AnyConnect users on the HQ site. Let's assume AnyConnect clients receive IP addresses from pool 10.10.10.0/24. In HQ you have subnet 192.168.1.0/24 and the Partner subnet is 192.168.2.0/24. You have an IPsec L2L tunnel between 192.168.1.0/24 (HQ) and 192.168.2.0/24 (Partner).
Let's assume you have a free IP address 192.168.1.250 in the HQ office. So, you can configure dynamic NAT on the HQ gear, so that you'll translate source IP addresses from the AnyConnect pool 10.10.10.0/24 to the IP address 192.168.1.250 when the destination is in the subnet 192.168.2.0/24 (partner subnet).

If you share the model of your HQ gear and sanitized configuration (delete real IP-addresses and other private info), the community may help you with configuration.
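A sketch of the dynamic NAT described in the reply above, as an added example that is not from the thread. It assumes the HQ device is a Cisco ASA running software 8.3 or later, with both AnyConnect and the L2L tunnel terminating on an interface named `outside`; the object, ACL and group-policy names are hypothetical.

```cisco
! Added example; assumes Cisco ASA 8.3+ syntax and an interface named "outside".
! Object, ACL and group-policy names are hypothetical.
! Addresses are the ones assumed in the reply above.

! AnyConnect pool, partner subnet, and the free HQ address used for PAT
object network OBJ-ANYCONNECT-POOL
 subnet 10.10.10.0 255.255.255.0
object network OBJ-PARTNER-NET
 subnet 192.168.2.0 255.255.255.0
object network OBJ-HQ-PAT
 host 192.168.1.250

! Client traffic arrives on and leaves through the same interface (hairpin),
! which the ASA drops unless this is enabled.
same-security-traffic permit intra-interface

! Translate the AnyConnect pool to 192.168.1.250 only when the destination
! is the partner subnet. All other client traffic is left untranslated.
nat (outside,outside) source dynamic OBJ-ANYCONNECT-POOL OBJ-HQ-PAT destination static OBJ-PARTNER-NET OBJ-PARTNER-NET

! NAT is applied before the crypto ACL is matched, so the translated source
! 192.168.1.250 already falls inside the existing L2L selectors
! (192.168.1.0/24 -> 192.168.2.0/24). The tunnel and the partner side need
! no change, and the partner never sees 10.10.10.0/24.

! Only if the AnyConnect group uses split tunneling: add the partner subnet
! to the existing split-tunnel list so clients route it through HQ.
access-list ACL-SPLIT standard permit 192.168.2.0 255.255.255.0
group-policy GP-ANYCONNECT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ACL-SPLIT
```

After a client sends traffic to the partner subnet, `show nat detail` should show hits on the new rule and `show crypto ipsec sa` should show the encapsulated packet counters increasing on the existing L2L security association.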

Hi Boris,

Thanks a lot for sending me a quick reply.

After discussion, my HQ wants that clients = customer can make a tunnel directly to the partner now.

I would at least want to try it in my lab.

Thanks a lot once again.