02-06-2017 03:37 AM - edited 02-21-2020 09:08 PM
Hi
I have an issue configuring a VPN on my local router.
The configuration between the two sites is OK; I can access the remote HQ network from the local network (I don't have the right to configure the HQ router).
The problem is that I need to add a remote VPN client so I can connect remotely from my computer to my local router and then reach the remote HQ network.
Can you please help with how to do this, knowing that I will split my local subnet, which I am using for the IPsec tunnel with the HQ, to use it for my remote clients' VPN IP pool, because I cannot authorize a new network on the remote HQ (we don't have access)?
Thanks
You can find the topology information in the image below.
02-06-2017 04:59 AM
I don't think anything more is required for this to work since you don't have a NAT for the traffic from VPN client to remote network. Here is what I see should happen:
1) VPN traffic from client reaches Local Router (LR) and gets decrypted. Since the actual IP headers point to the remote destination, it points destination interface as outside interface.
2) Traffic matches existing crypto rules and goes across the tunnel.
3) Return traffic matches route for destination to outside interface (static route to VPN pool on tunnel establishment) and is sent out via VPN client tunnel.
Does this work for you with the config you have now?
02-07-2017 01:34 AM
Hi Govindan, and thank you for the answer. I am using the same interface to establish the tunnel with the HQ router and the VPN client, and my configuration is not working (this is the first time I'm configuring a VPN; I'm only at CCNA level).
Do you have any suggestions for this configuration?
Thanks,
02-08-2017 09:23 AM
Can you attach a sanitized config here?