
ipsec vpn tunnel redirection

shekhar
Level 1

Hi All,

I have one requirement, if you can help me out.

I have multiple sites connected via site-to-site IPsec VPN tunnels to HQ, terminating on the same interface at HQ.

The requirement is to redirect traffic coming from all the sites to one of the main sites where servers are hosted.

How can I do that?

Please let me know what other information is needed.

Thanks in advance!

6 Replies

rizwanr74
Level 7

Hi Shekhar,

"Requirement is to redirect traffic coming from all the sites to one of the main sites where servers are hosted.."

Please answer this question below.

Redirecting IPsec-encrypted IP traffic, or plain-text IP traffic coming off the IPsec tunnel from both end points?

Hi Rizwan,

It is redirecting IPsec-encrypted traffic.

You need policy-based static NAT on your ASA or router in order to redirect IPsec traffic.

Basically, your HQ device becomes a transit path for IPsec traffic as a result of the policy-based static NAT, and the actual tunnel end point will be the site where the servers are hosted.

I assume that at the servers' remote site you have either an ASA or a router to terminate the tunnel coming through the translated address to the device (i.e. ASA or router) hosted at the server-side remote site.

Hope this answers your question.

thanks

Rizwan Rafeek

I got a bit of it, as I haven't done policy static NAT before.

Let me explain the situation to you again, to make sure we are on the same page.

I am running a site-to-site IPsec VPN tunnel between HQ and one branch site, say, e.g., Site 1.

I am also running a site-to-site IPsec VPN tunnel between HQ and one branch site (the server site), say, e.g., Site 2.

Now the requirement is that traffic coming from Site 1 to the servers should terminate at HQ, and after that HQ should redirect that traffic to Site 2.

Kindly note: I am using a single physical interface at the HQ router for both VPNs.

Hi Shekhar,

Basically, what you want to do is make two of your remote spoke sites reachable via the hub site, correct?

If so, what you would need then is DMVPN with NHRP enabled.

http://www.cisco.com/image/gif/paws/43067/dmvpn-gre-eigrp.pdf

Please follow the link above.

thanks

Message was edited by: Rizwan Mohamed
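
A minimal hub-and-spoke DMVPN layout matching the suggestion above, as an added example that is not from the thread or the linked Cisco document. Cisco IOS syntax is assumed, and all addresses, interface names, the EIGRP AS number and the profile names are constructed, with keys left as placeholders.

```cisco
! Constructed addressing: hub WAN 192.0.2.1, tunnel net 10.255.0.0/24,
! HQ LAN 10.0.0.0/24, spoke LAN 10.1.1.0/24. Keys are placeholders.
!
! ---- HQ hub and every spoke: IKE/IPsec protecting the GRE tunnel ----
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! A wildcard peer is required on the hub for dynamic spokes, so use a long
! random key here (spokes can pin the key to the hub address instead).
crypto isakmp key <PRE-SHARED-KEY> address 0.0.0.0 0.0.0.0
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
! ---- HQ hub: one mGRE tunnel on the single WAN interface ----
interface Tunnel0
 ip address 10.255.0.1 255.255.255.0
 ip nhrp authentication <NHRPKEY>
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 no ip split-horizon eigrp 100
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile DMVPN-PROF
router eigrp 100
 network 10.255.0.0 0.0.0.255
 network 10.0.0.0 0.0.0.255
!
! ---- Spoke (Site 1 shown; Site 2 differs only in addresses) ----
interface Tunnel0
 ip address 10.255.0.2 255.255.255.0
 ip nhrp authentication <NHRPKEY>
 ip nhrp map 10.255.0.1 192.0.2.1
 ip nhrp map multicast 192.0.2.1
 ip nhrp nhs 10.255.0.1
 ip nhrp network-id 1
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.1
 tunnel key 1
 tunnel protection ipsec profile DMVPN-PROF
router eigrp 100
 network 10.255.0.0 0.0.0.255
 network 10.1.1.0 0.0.0.255
```

With `no ip split-horizon eigrp 100` on the hub, each spoke learns the other spokes' LANs with the hub as next hop, so Site 1 traffic is decrypted at HQ and re-encrypted toward Site 2. `show dmvpn` and `show crypto ipsec sa` on the hub confirm that spokes have registered and that tunnel traffic is being encrypted.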

Hi Rizwan,

I have the exact same requirement. I will create DMVPN with NHRP and check if the solution works.

Thanks for the help!