touristsis
Contributor III

3 sites A, B, and C. How can I communicate between all three via VPN.

I have three sites:

A.  Main site.  Static IP address - 192.168.150.0/24
B.  Remote site.  Static IP address - 10.10.150.0/24
C.  Remote site.  DHCP IP address - 10.10.50.0/24

Site B ------------GRE OVER IPSEC------------------------Site A--------------VPN IPSEC-------------------------------------------------Site C (does not have static ip address).

Is it possible for me to communicate between site B and C without creating a VPN between C and B?  Can I somehow just route B and C through A?

0 Kudos
1 Solution

Accepted Solutions
vmaxdawg05
Contributor III

Re: 3 sites A, B, and C. How can I communicate between all three via VPN.

Yes.  If you configure your traffic selectors with the other two VPNs (A and B) & (A and C).  They called it hairpinning in the Cisco world.

In the VPN between A and B, include the Site C network 10.10.50.0/24 in the source along with the Site A network 192.168.150.0/24.

Example of the traffic selector:

Site A VPN to site B

ip access-list extended VPN-10-vpn-selectors
  permit ip 192.168.150.0 0.0.0.255  10.10.150.0 0.0.0.255
  permit ip 10.10.50.0 0.0.0.255  10.10.150.0 0.0.0.255

Site A VPN to C

ip access-list extended VPN-20-vpn-selectors
  permit ip 192.168.150.0 0.0.0.255  10.10.50.0 0.0.0.255
  permit ip 10.10.150.0 0.0.0.255  10.10.50.0 0.0.0.255

Site B VPN to A

ip access-list extended VPN-10-vpn-selectors
  permit ip 10.10.150.0 0.0.0.255  192.168.150.0 0.0.0.255
  permit ip 10.10.150.0 0.0.0.255  10.10.50.0 0.0.0.255

Site C VPN to A

ip access-list extended VPN-10-vpn-selectors
  permit ip 10.10.50.0 0.0.0.255  192.168.150.0 0.0.0.255
  permit ip 10.10.50.0 0.0.0.255  10.10.150.0 0.0.0.255

This will allow the traffic from C to travel into A and then out to B.   Same goes the other way with B to C.

Just keep in mind that A will be using more bandwidth and CPU.

0 Kudos
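
Added example, not part of the original post or the answer's configuration: a Python check that the four traffic-selector ACLs above mirror each other on both ends of each tunnel and that the hairpinned B-to-C and C-to-B flows are selected on both legs through A. The `NETS`/`SELECTORS` layout and the function names are assumptions of this example; the ACL lines are the ones posted in the answer.

```python
import ipaddress

# Subnets and selectors as posted in the answer; the dict layout is this example's own.
NETS = {"A": "192.168.150.0/24", "B": "10.10.150.0/24", "C": "10.10.50.0/24"}
SELECTORS = {  # (local site, remote peer) -> body of that site's selector ACL
    ("A", "B"): "permit ip 192.168.150.0 0.0.0.255  10.10.150.0 0.0.0.255\n"
                "permit ip 10.10.50.0 0.0.0.255  10.10.150.0 0.0.0.255",
    ("A", "C"): "permit ip 192.168.150.0 0.0.0.255  10.10.50.0 0.0.0.255\n"
                "permit ip 10.10.150.0 0.0.0.255  10.10.50.0 0.0.0.255",
    ("B", "A"): "permit ip 10.10.150.0 0.0.0.255  192.168.150.0 0.0.0.255\n"
                "permit ip 10.10.150.0 0.0.0.255  10.10.50.0 0.0.0.255",
    ("C", "A"): "permit ip 10.10.50.0 0.0.0.255  192.168.150.0 0.0.0.255\n"
                "permit ip 10.10.50.0 0.0.0.255  10.10.150.0 0.0.0.255",
}

def parse(acl):
    """Turn 'permit ip <src> <wildcard> <dst> <wildcard>' lines into (src, dst) networks."""
    pairs = set()
    for line in acl.splitlines():
        f = line.split()
        if len(f) == 6 and f[:2] == ["permit", "ip"]:
            # ipaddress treats a mask that starts with 0 as a wildcard (host) mask
            pairs.add((ipaddress.ip_network(f"{f[2]}/{f[3]}"),
                       ipaddress.ip_network(f"{f[4]}/{f[5]}")))
    return pairs

def mirror_mismatches(selectors):
    """Return tunnels whose two ends are not exact mirror images of each other."""
    bad = []
    for (local, peer), acl in selectors.items():
        mirrored = {(d, s) for s, d in parse(selectors.get((peer, local), ""))}
        if local < peer and parse(acl) != mirrored:
            bad.append((local, peer))
    return bad

def hairpin_ok(selectors, src, dst, hub="A"):
    """True if src->dst is selected on the spoke's tunnel to the hub and on the hub's tunnel to dst."""
    flow = (ipaddress.ip_network(NETS[src]), ipaddress.ip_network(NETS[dst]))
    return flow in parse(selectors[(src, hub)]) and flow in parse(selectors[(hub, dst)])

if __name__ == "__main__":
    print("mirror mismatches:", mirror_mismatches(SELECTORS))
    for src, dst in (("B", "C"), ("C", "B")):
        print(f"{src}->{dst} hairpin selected on both legs:", hairpin_ok(SELECTORS, src, dst))
```
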
2 Replies
touristsis
Contributor III

Re: 3 sites A, B, and C. How can I communicate between all three via VPN.

Thanks!  That was it.