12-28-2012 11:53 PM
What is the recommended solution to route multiple subnets over a site-to-site VPN? Does each subnet require its own policy, or can one policy be used for one or more subnets if the remote site has more than one subnet? Also, if the remote site router has only two FastEthernet interfaces, will it work if I configure one of the interfaces with subinterfaces, or as a router on a stick?
01-01-2013 02:46 PM
If you are talking about static routing, then you can simply add the routes and modify the ACL for encrypted traffic accordingly.
If you want to run dynamic routing, then you will have to use IPsec VTI. Here is the link:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html#wp1063136
And though I have not used subinterfaces for IPsec VTI, according to me it will work.
01-02-2013 10:51 AM
Thank you, that's what I wanted to hear.
01-01-2013 09:52 PM
You can configure a loopback host and set it as the peer for your remote site, and modify the ACL for encrypted traffic accordingly.
You have to configure NAT also and create one ACL for NAT. Deny your remote site IP in the NAT ACL.
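Added example, not part of any post in this thread: a remote-site IOS configuration sketch of the static approach described in the answers above, with one crypto map entry whose ACL covers two subnets on a router-on-a-stick interface, plus the NAT exemption. All addresses, VLAN IDs, object names and algorithm choices are constructed assumptions; the head-end needs a mirror-image crypto ACL.

```cisco
! Constructed values: remote LANs 10.20.10.0/24 and 10.20.20.0/24,
! head-end LAN 10.10.0.0/16, local WAN 203.0.113.1, peer 198.51.100.1.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE_SHARED_KEY> address 198.51.100.1
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
!
! One policy for both subnets: each extra subnet is one more permit line.
ip access-list extended VPN-TRAFFIC
 permit ip 10.20.10.0 0.0.0.255 10.10.0.0 0.0.255.255
 permit ip 10.20.20.0 0.0.0.255 10.10.0.0 0.0.255.255
!
crypto map S2S 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS
 match address VPN-TRAFFIC
!
interface FastEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 ip nat outside
 crypto map S2S
!
! Router on a stick: one physical LAN port, one subinterface per VLAN.
interface FastEthernet0/1
 no ip address
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 10.20.10.1 255.255.255.0
 ip nat inside
interface FastEthernet0/1.20
 encapsulation dot1Q 20
 ip address 10.20.20.1 255.255.255.0
 ip nat inside
!
! NAT exemption: deny VPN-bound traffic first so it reaches the crypto ACL
! with its original source address, then translate everything else.
ip access-list extended NAT-ACL
 deny ip 10.20.10.0 0.0.0.255 10.10.0.0 0.0.255.255
 deny ip 10.20.20.0 0.0.0.255 10.10.0.0 0.0.255.255
 permit ip 10.20.10.0 0.0.0.255 any
 permit ip 10.20.20.0 0.0.0.255 any
ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
!
ip route 0.0.0.0 0.0.0.0 203.0.113.2
```

Keep the crypto ACL limited to the specific subnet pairs rather than `any`, since every permit line defines traffic that will be encrypted and must match the peer's mirror entry for the IPsec SA to come up.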
01-02-2013 10:53 AM
I did and yes it worked as expected.
Thanks,
01-12-2019 07:45 PM - edited 01-12-2019 07:47 PM