
Question on VPN router (2651) setup for both client/site access

teck-koon.goh
Level 1

I have 2 VPN routers set up for a site-to-site connection from site A to site B. Site A router A is also configured to allow client-to-site access using CISCOSecure VPN client 1.1 on remote machines.

I need to know: is it possible for a client on a remote site to access site B via router A? That is, the client machine has to establish a tunnel to router A and then in return use the site-to-site tunnel to access the site B network. I know the requirement sounds a bit weird, but I'm not sure whether it can be done.

Many thanks.

1 Reply

k.poplitz
Level 3

Yes, I think that can be done… with caveats. I couldn’t find any sample configs (it’s probably not a very common requirement) but you’ll have to make sure the host on site B bypasses the site-to-site tunnel. One problem: if the host on site B wants to go to another host on site B, TCP is going to route those packets directly to that host without going through the gateway (and therefore the VPN tunnel). That makes logical sense since it’s probably 12 hops closer but it may not fit your requirement. You should review this with a Cisco design engineer to see what alternatives and configs will be needed.