i hve one requirment if you can help me out
I have multilple sites connected via site-to-site ipsec vpn tunnel to HQ terminting on the same interface on HQ.
Requirmet is to redirect traffic coming from all the sites to one of the main site where servers are hosted..
how can i do that.... ??
please let me know wht else infrmation is needed?/
thanks in advance!!
"Requirmet is to redirect traffic coming from all the sites to one of the main site where servers are hosted.."
Please asnwer this question below.
redirecting IPSec encrypted IP-traffic or plain-text IP-traffic coming off the IPSec tunnel from both end points?
You need to policy based static nat on your ASA or Router, in order to redirect IPSec traffic.
Basically your HQ (Device) become a transite path for IPSec traffic as a result of policy based static-nat and actual tunnel end point will be the site where servers are hosted.
I assume, on this servers' remote site, either you have an ASA or Router to terminiated tunnel coming through the translated address to device (i.e. ASA or Router) hosted at server-side remote site.
Hope this answers your question.
i got a bit of it...as i havtn't done polict static nat before....
let me explain u the situation again... to make sure we are on the same page
I am running a site to site ipsec vpn tunnel b/w HQ and 1 branch site say for e.g Site 1
I am running also running a site to site ipsec vpn tunnel b/w HQ and 1 branch site(server site) say for e.g Site 2
nw the requirment is traffic coming from Site 1 to servers should terminate at HQ and afterthat HQ should redirect that traffic to Site 2.
Kindly note :- I am using single physical interface at HQ router for both the Vpns.
Basically what you want to do, is to make two of your remote-spoke sites reachable via the Hub site, correct?
If so, what you would need then is, DMVPN with NHRP enable.
Please follow the link above.
Message was edited by: Rizwan Mohamed