Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
373
Views
0
Helpful
1
Replies

Site to Site VPN

bilaljmi786
Level 1
Level 1

‎05-17-2016 12:10 PM

Hi,

I have two site to site IPSEC tunnels. These tunnels are shown in attached diagram below:

I have one tunnel between point C and point B and other tunnel between point B and point A.

My requirement is to route traffic between LAN of point C & point A through these tunnels.

I want point C LAN subnet (10.100.11.192/28) to talk with LAN behind point A (10.100.19.0/26).

Point B firewall is acting as middleman and both the tunnels from point A & point C with peer IPs 40.123.54.11 and 195.40.113.56

respectively are terminating on point B with same peer Ip address 212.23.56.156.

Is it possible to have a communication between point C & point A LANs in this situation?

As per requirement, the traffic from point A LAN should come to point B firewall through tunnel and after entering the firewall, it should leave for point A LAN subnet through tunnel with the same peer IP address 212.23.56.156 as it entered from point C.

Labels:
Preview file
70 KB
0 Helpful
1 Reply 1

Philip D'Ath
VIP Alumni
VIP Alumni

‎05-17-2016 12:33 PM

I assume this is ASA firewalls, rather than routers.  If not please correct me.

Yes this is possible, but a painful configuration.  I would just build a VPN between point A and C.

Otherwise you need to modify the encryption domain of all three devices to include every subnet that could flow over the VPN, and on B you need to create NAT rules to allow the "through" traffic.

0 Helpful
Customers Also Viewed These Support Documents