05-04-2012 05:23 AM - edited 02-21-2020 06:02 PM
Hi All,
I have one requirement, if you can help me out.
I have multiple sites connected via site-to-site IPsec VPN tunnels to HQ, terminating on the same interface on HQ.
The requirement is to redirect traffic coming from all the sites to one of the main sites, where the servers are hosted.
How can I do that?
Please let me know what other information is needed.
Thanks in advance!
05-04-2012 12:27 PM
Hi Shekhar,
"Requirement is to redirect traffic coming from all the sites to one of the main site where servers are hosted.."
Please answer the question below.
Redirecting IPSec-encrypted IP traffic, or plain-text IP traffic coming off the IPSec tunnel from both end points?
05-04-2012 12:31 PM
Hi Rizwan,
It is redirecting IPsec-encrypted traffic.
05-04-2012 12:47 PM
You need policy-based static NAT on your ASA or router in order to redirect IPSec traffic.
Basically, your HQ device becomes a transit path for IPSec traffic as a result of policy-based static NAT, and the actual tunnel end point will be the site where the servers are hosted.
I assume that at this servers' remote site you have either an ASA or a router to terminate the tunnel coming through the translated address to the device (i.e. ASA or router) hosted at the server-side remote site.
Hope this answers your question.
Thanks
Rizwan Rafeek
05-04-2012 01:15 PM
I got a bit of it, as I haven't done policy static NAT before.
Let me explain the situation again, to make sure we are on the same page.
I am running a site-to-site IPsec VPN tunnel between HQ and one branch site, say Site 1.
I am also running a site-to-site IPsec VPN tunnel between HQ and one branch site (the server site), say Site 2.
Now the requirement is that traffic coming from Site 1 to the servers should terminate at HQ, and after that HQ should redirect that traffic to Site 2.
Kindly note: I am using a single physical interface on the HQ router for both VPNs.
05-06-2012 09:37 AM
Hi Shekhar,
Basically, what you want to do is make two of your remote spoke sites reachable via the hub site, correct?
If so, what you would need is DMVPN with NHRP enabled.
http://www.cisco.com/image/gif/paws/43067/dmvpn-gre-eigrp.pdf
Please follow the link above.
Thanks
Message was edited by: Rizwan Mohamed
05-07-2012 06:32 AM
Hi Rizwan,
I have the exact same requirement. I will create DMVPN with NHRP and check if the solution works.
Thanks for the help!