route across vpn tunnel

zeuscyril · ‎10-26-2009

hi friends,

i am having one scenario,but i dont know how to fix it.

i configured vpn tunnel from my headoffice to spain , the tunnel is up and working properly.

second i configured tunnel between my headoffice to one of my remote office,that tunnel is up.

i can access from remote office to main office and from main office to spain.

but i cannt access from remote office to spain.

my thinking is the main office is having both tunnels so it will route the traffic from remote office to spain but not happening,

can u plz provide me example how to route the traffic from remote to spain across vpn tunnel.

Herbert Baerten · ‎10-26-2009

Suppose you have the following networks:

site1: 10.1.1.0/24

site2: 10.2.2.0/24

main : 10.0.0.0/24

then on the site1 router (or firewall) your crypto acl will look like this:

permit ip 10.1.1.0 0.0.0.255 10.0.0.0 0.0.0.255

permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255

on the site2 router:

permit ip 10.2.2.0 0.0.0.255 10.0.0.0 0.0.0.255

permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255

On the main router, use the mirror of the above acl's.

If you need more help, please post your current config for the 3 routers (assuming you are using IOS routers, if using Pix/Asa the concept is the same but you'll typically also need to adapt NAT exemption).

hth

Herbert