[c-nsp] IPSec VPN client to router, then router to router

Church, Charles cchurc05 at harris.com
Fri Jul 18 17:12:17 EDT 2008


Yep, it's definitely possible.  Just figured out what it was.  My bogon
filter on router B was sending all 172.16/12 stuff to null0, and that
was my local pool on router A.  Doh!!! 

Vijay, no need to lab it, working fine now.

Thanks,

Chuck 

-----Original Message-----
From: Luan M Nguyen [mailto:luan at t3technology.com] 
Sent: Friday, July 18, 2008 3:04 PM
To: Church, Charles; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] IPSec VPN client to router, then router to router


I am thinking it's possible.  Your client dials in, gets an IP from a
pool on A, looks at the routing table, sees the resource through the
GRE/IPSEC tunnel between A-B, goes there, then if A advertises the pool
network to B, you are set for the return traffic.
The crypto map just has 2 instances...
crypto map Chuck 10 ipsec-isakmp dynamic for dial clients and
crypto map Chuck 20 ipsec-isakmp for the GRE/IPSEC tunnel...
It should work, right?

-Luan

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Church, Charles
Sent: Friday, July 18, 2008 1:24 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] IPSec VPN client to router, then router to router

Anyone,

	I'm having trouble getting the following config to work.  I'm
not sure if this is possible.  I've got 2 878 routers attached to the
internet.  Router A supports remote clients.  Router A has a LAN to LAN
IPSec connection to Router B.  B does not support clients.  Is it
possible for the client to establish a connection to Router A, then
access resources off of router B via the LAN-LAN tunnel?  In other
words, packet comes in client tunnel, then is forwarded back out the
LAN-LAN tunnel off of the same interface to get to router B.  Return
traffic takes reverse path, obviously.

Thanks,
 
Chuck 
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
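
The failure described at the top of this thread (a bogon filter on router B null-routing 172.16/12, which contained router A's client pool) can be caught by comparing `ip local pool` ranges against `Null0` static routes. This is an added example, not configuration or code from the thread; the pool names and addresses in the sample configs are constructed.

```python
import ipaddress
import re

# Constructed sample configs: names and addresses are illustrative only.
ROUTER_A = """\
ip local pool VPNPOOL 172.16.50.1 172.16.50.254
ip local pool MGMT 192.0.2.10 192.0.2.20
"""
ROUTER_B = """\
ip route 10.0.0.0 255.0.0.0 Null0
ip route 172.16.0.0 255.240.0.0 Null0
ip route 192.168.0.0 255.255.0.0 Null0
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# "ip local pool NAME first [last]" and "ip route prefix mask Null0"
POOL_RE = re.compile(rf"^ip local pool (\S+) {IP}(?: {IP})?", re.M)
NULL_RE = re.compile(rf"^ip route {IP} {IP} Null0", re.M | re.I)

def parse_pools(config):
    """Return {pool_name: [networks that exactly cover the pool range]}."""
    pools = {}
    for name, first, last in POOL_RE.findall(config):
        lo = ipaddress.IPv4Address(first)
        hi = ipaddress.IPv4Address(last or first)  # single-address pool
        nets = ipaddress.summarize_address_range(lo, hi)
        pools.setdefault(name, []).extend(nets)
    return pools

def parse_null_routes(config):
    """Return the prefixes that the config statically routes to Null0."""
    return [ipaddress.IPv4Network(f"{net}/{mask}")
            for net, mask in NULL_RE.findall(config)]

def blackholed_pools(pool_config, filter_config):
    """List (pool_name, null_route) pairs where a pool overlaps a Null0 route."""
    findings = []
    nulls = parse_null_routes(filter_config)
    for name, nets in parse_pools(pool_config).items():
        for null in nulls:
            if any(n.overlaps(null) for n in nets):
                findings.append((name, str(null)))
    return findings

if __name__ == "__main__":
    for pool, route in blackholed_pools(ROUTER_A, ROUTER_B):
        print(f"pool {pool} falls inside Null0 route {route}")
```

An overlap is a prompt to check the filtering router for a more-specific route to the pool, since longest-match forwarding would prefer that over the Null0 route.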


