Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
366
Views
0
Helpful
1
Replies

IPSec VPN Traffic Passthrough Issues

thomasg02
Level 1
Level 1

‎11-14-2014 05:33 AM - edited ‎02-21-2020 07:55 PM

Hello,

 

I am currently working with a client on a potential solution to an issue he has at present. The idea is to hold a phone system in a datacenter behind a Cisco ASA 5505, with upto 6 sites connecting in direct over IPSec VPN. (Site to Site)

I am currently trialling with just two sites at the moment, but I am struggling with one part. 

Cisco ASA - Internal IP Range both VPNs connect to = 192.168.14.x (Remote Site)

2x Remote Sites with Draytek 2860 = 192.168.1.x (Site A) & 192.168.2.x  (Site B)

Normal VPN traffic is working as expected, Site A can connect to Remote Site and vice versa, and the same for Site B.

However, in rare circumstances, the phones will need to pass traffic direct between sites. So that means Site A sending traffic to Site B. We want to avoid having to run 7 VPNs at all sites, to connect them all directly. As such, I am looking for a way to route traffic using Cisco ASDM (this is the only access we have presently) from Site A to Site B if the Cisco sees traffic from 192.168.1.x trying to talk to 192.168.2.x. 

The Drayteks are passing the traffic down the VPNs per custom policies. As such, I just need the Cisco to know what to do with the traffic. 

Does anyone have any ideas?

Many Thanks

Labels:
0 Helpful
1 Reply 1

sprocket10
Level 2
Level 2

‎11-18-2014 05:38 AM

You need to add a static route on both Drayteks to tell them to send traffic for the remote site via the 5505.

And possibly an access rule on the 5505 to allow traffic between the 2 remote sites.

0 Helpful
Customers Also Viewed These Support Documents