09-09-2016 12:37 AM - edited 02-21-2020 08:58 PM
Hi All respected members.
I am not an expert in VPN domain. My question is
client ---(AnyConnect)---> HQ ---(IPsec tunnel)---> Partner subnet
So my scenario is like this:
Our HQ wants to connect the clients to the Partner subnet through HQ.
Clients have no information about the Partner, only the subnet they will be allowed.
Partner doesn't have any information about clients.
They just want to access some resources through HQ.
They don't want a direct tunnel from clients to Partner.
Q: How should I solve this request? Please be clear in your answers so that I can understand correctly.
Thanks in advance
Faraz
09-09-2016 12:58 AM
Hello,
Yes, the task can be solved. The easiest way, from my point of view, is to configure dynamic NAT for AnyConnect users on the HQ site. Let's assume AnyConnect clients receive IP addresses from the pool 10.10.10.0/24. In HQ you have subnet 192.168.1.0/24 and the Partner subnet is 192.168.2.0/24. You have an IPsec L2L tunnel between 192.168.1.0/24 (HQ) and 192.168.2.0/24 (Partner).
Let's assume you have a free IP address 192.168.1.250 in the HQ office. So, you can configure dynamic NAT on the HQ gear, so that you translate source IP addresses from the AnyConnect pool 10.10.10.0/24 to the IP address 192.168.1.250 when the destination is in the subnet 192.168.2.0/24 (Partner subnet).
If you share the model of your HQ gear and sanitized configuration (delete real IP-addresses and other private info), the community may help you with configuration.
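A sketch of the dynamic NAT described in the answer above, as an added example that is not part of the original reply. It assumes the HQ gear is a Cisco ASA running 8.3 or later and that both AnyConnect and the site-to-site tunnel terminate on an interface named outside; the object, ACL and group-policy names are hypothetical.

```cisco
! Added example, assumed platform: Cisco ASA 8.3+ (the thread does not name the HQ gear).
! Addresses are the ones assumed in the answer; all object names are hypothetical.

object network ANYCONNECT-POOL
 subnet 10.10.10.0 255.255.255.0
object network PARTNER-NET
 subnet 192.168.2.0 255.255.255.0
object network HQ-NAT-IP
 host 192.168.1.250

! Clients arrive on and leave through the same interface (hairpin),
! so traffic must be allowed to re-enter the interface it came from.
same-security-traffic permit intra-interface

! Translate the AnyConnect pool to 192.168.1.250 only when the destination
! is the Partner subnet. The destination itself is left untranslated.
nat (outside,outside) source dynamic ANYCONNECT-POOL HQ-NAT-IP destination static PARTNER-NET PARTNER-NET

! Send only the Partner subnet through the AnyConnect tunnel, so clients
! reach nothing else through HQ.
access-list SPLIT-PARTNER standard permit 192.168.2.0 255.255.255.0
group-policy GP-ANYCONNECT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-PARTNER
```

Because the translated source 192.168.1.250 is inside 192.168.1.0/24, the traffic matches the existing L2L tunnel between 192.168.1.0/24 and 192.168.2.0/24, and the Partner only ever sees an HQ address.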
09-16-2016 06:06 AM
Hi Boris,
Thanks a lot for sending me a quick reply.
After discussion, my HQ wants the clients (customers) to be able to make a tunnel directly to the partner now.
I would at least want to try it in my lab.
Thanks a lot once again.