The Adtran community holiday season is starting next week! The holiday period will span from December 21, 2024 to January 6, 2025. During this time, responses to feedback form submissions may be delayed. If you are encountering product issues, you can reach out to Adtran support at any time.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anonymous
Not applicable

3 sites A, B, and C. How can I communicate between all three via VPN.

Jump to solution

I have three site

A.  Main site.  Static ip address - 192.168.150.0/24
B.  Remote site.  Static ip address - 10.10.150.0/24
C.  Remote cite.  DHCP ip address - 10.10.50.0/24

Site B ------------GRE OVER IPSEC------------------------Site A--------------VPN IPSEC-------------------------------------------------Site C (does not have static ip address).

is it possible for me to communicate between site B and C without creating a VPN between C and B?  Can I somehow just route B and C through A?

0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: 3 sites A, B, and C. How can I communicate between all three via VPN.

Jump to solution

Yes.  If you configure your traffic selectors with the other two VPN's (A and B) & (A and C).  They called it haripinning in the Cisco world.

In the VPN between A and B, include the Site C network 10.10.50.0 /24 in the source along with the Site A network 192.168.150.0 /24.

Example of the traffic selector:

Site A VPN to site B

ip access-list extended VPN-10-vpn-selectors

  permit ip 192.168.150.0 0.0.0.255  10.10.150.0 0.0.0.255

  permit ip 10.10.50.0 0.0.0.255  10.10.150.0 0.0.0.255

Site A VPN to C

ip access-list extended VPN-20-vpn-selectors

  permit ip 192.168.150.0 0.0.0.255  10.10.50.0 0.0.0.255

  permit ip 10.10.150.0 0.0.0.255  10.10.50.0 0.0.0.255

Site B VPN to A

ip access-list extended VPN-10-vpn-selectors

  permit ip 10.10.150.0 0.0.0.255  192.168.150.0 0.0.0.255

  permit ip 10.10.150.0 0.0.0.255  10.10.50.0 0.0.0.255

Site C VPN to A

ip access-list extended VPN-10-vpn-selectors

  permit ip 10.10.50.0 0.0.0.255  192.168.150.0 0.0.0.255

  permit ip 10.10.50.0 0.0.0.255  10.10.150.0 0.0.0.255

This will allow the traffic from C to travel in to A and then out to B.   Same goes the other way with B to C.

Just keep in mind that A will be using more bandwidth and CPU.

View solution in original post

0 Kudos
2 Replies
Anonymous
Not applicable

Re: 3 sites A, B, and C. How can I communicate between all three via VPN.

Jump to solution

Yes.  If you configure your traffic selectors with the other two VPN's (A and B) & (A and C).  They called it haripinning in the Cisco world.

In the VPN between A and B, include the Site C network 10.10.50.0 /24 in the source along with the Site A network 192.168.150.0 /24.

Example of the traffic selector:

Site A VPN to site B

ip access-list extended VPN-10-vpn-selectors

  permit ip 192.168.150.0 0.0.0.255  10.10.150.0 0.0.0.255

  permit ip 10.10.50.0 0.0.0.255  10.10.150.0 0.0.0.255

Site A VPN to C

ip access-list extended VPN-20-vpn-selectors

  permit ip 192.168.150.0 0.0.0.255  10.10.50.0 0.0.0.255

  permit ip 10.10.150.0 0.0.0.255  10.10.50.0 0.0.0.255

Site B VPN to A

ip access-list extended VPN-10-vpn-selectors

  permit ip 10.10.150.0 0.0.0.255  192.168.150.0 0.0.0.255

  permit ip 10.10.150.0 0.0.0.255  10.10.50.0 0.0.0.255

Site C VPN to A

ip access-list extended VPN-10-vpn-selectors

  permit ip 10.10.50.0 0.0.0.255  192.168.150.0 0.0.0.255

  permit ip 10.10.50.0 0.0.0.255  10.10.150.0 0.0.0.255

This will allow the traffic from C to travel in to A and then out to B.   Same goes the other way with B to C.

Just keep in mind that A will be using more bandwidth and CPU.

0 Kudos
Anonymous
Not applicable

Re: 3 sites A, B, and C. How can I communicate between all three via VPN.

Jump to solution


Thanks!  that was it.