cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
477
Views
0
Helpful
5
Replies

VPN Router-Router Hub and Comminication between the Spokes

steven.wright
Level 1
Level 1

Hi All, I'm beginning to get a little frustrated setting the above up. I have 3 sites A,B & C. Site A is the hub and has VPN connections to both B and C, however I would like Site B to communicate to site C via site A. Please see attached, you will see what I have configured so far....

The VPN between site A and B is working and between A and C.... but not B & C!!!

5 Replies 5

5220
Level 4
Level 4

Hi,

You need to disable fast switching on the outside interface:

Router(config-if)# no ip route-cache

(when the router see a packet entering and then exiting the same interface, puts that in fast switching and doesn't process the packet).

See http://cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7ca.html for more details.

As well, on Sire A you can add statics for site B and C subnets pointing to the external interface of the router. This will prevent a fast switching behaviour.

If this helped, please rate.

Regards,

Daniel

Hi Daniel,

Thanks for your reply, I have done as suggested and disabled fast switching, also added the 2 routes to SiteA router. Still no luck I'm afraid...

Thanks again for you help

Thinking about it, I dont know if this makes a difference, but I NONAT acces-lists.....

also getting an access denied message when packet debugging in SiteA

OK, if it is not a missconfiguration somewhere and this stil doesn't work, you can use GRE/IPSEC scenario. Since the traffic will be between two GRE interfaces and not back and forth on one interface, this should solve your problem.

Please rate if thie helped.

Regards,

Daniel