Remote Access configuration for hybrid Hub-and-Spoke networks

Posted on 2007-10-01
Medium Priority
Last Modified: 2010-04-09
Need some help in configuring remote access VPN via PIX.
Some background.
1. Local network, say network A: 10.10.x.x. With connection to Internet and other site via MPLS.
2. Other site1, say network C: 10.15.x.x.
3. 'spoke' sites from network A, say network B: 10.11.x.x. Appliance used for Site-to-site VPN between B and A is Cisco PIX 515 with PIX 7.2.

So far, all is well between the 3 networks. Traffic is allowed between A, B and C with A as the 'hub' between B and C. Users on network A and B are accessing an application server in network C just fine. Users on B are accessing network C via network A's MPLS.

I now want remote access users from home, to VPN into site A, and still able to access applications hosted in site C. VPN address pool allocated is 192.168.x.x. Packet Tracer on ASDM shows a packet trace from 192.168.x.x to 10.11.x.x to be successful, but the testing revealed otherwise.

What else can I look into to ensure connectivity for Remote Access to network C via tunneling into A?
Question by:minitaz

Expert Comment

by:Pete Long
ID: 19989873
>>I now want remote access users from home, to VPN into site A, and still able to access applications hosted in site C.

This is called "Hairpinning"; you need to be at PIX version 7 at least or this will not work.

Author Comment

ID: 19995749
Thanks PeteLong. As stated, the PIX in network A is on PIX version 7.

Author Comment

ID: 19995757
What I have tried so far, is by following this guide: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml

However, it is not really working, as the destination I need is not through the same interface as it came in.

Accepted Solution

minitaz earned 0 total points
ID: 20012694
Have solved this by putting VPN pool to DHCP.

Expert Comment

ID: 20014063
The Asker has requested that this question be re-opened and PAQ'd as a self-solution.


Please post any comments/objections here.

Thank you.

Experts Exchange Moderator

Expert Comment

ID: 20029689
Closed, 250 points refunded.
Community Support Moderator

Question has a verified solution.