Solved

IPsec Branch Offices

Posted on 2012-12-26
3
279 Views
Last Modified: 2013-01-31
We have recently moved most of our company Branch offices to local ISPs from leased lines. The sites have either 2811 or 1941 routers terminating the IPsec connection on the branch end, and our HQ end with ASA 5510s.

The Sites that have been moved to the VPN solutions cannot see or talk to other VPN sites.

ie. Someone in Site A cannot connect to the computers in Site B. but from the HQ side, anyone can see all branch sites. and all branch sites can communicate with the HQ side.

These are site-to-site VPN connections. Does anyone have any thoughts as to how we could make the different branch offices talk to each other.

I know that moving to a DMVPN solution would solve this problem, however that is not a possibility at this time. I'm hoping there is another work around for what we currently have in place.
0
Comment
Question by:shanehooton
3 Comments
 
LVL 10

Expert Comment

by:akhalighi
ID: 38721993
This needs to be done through your 5510  in main branch ,you can setup routing to accomplish this. it's easy .

we have a similar setup and all branches can talk to each other but traffic goes through main branch as the central point .
0
 
LVL 20

Expert Comment

by:rauenpc
ID: 38722071
akhalighi is right that this can be done on the 5510. My guess would be that you are missing branch sites in your crypto maps, nonat statements, same-security permit, or a combination. It would be helpful to post the config of your HQ and at least 2 branches.

Good example:
http://popravak.wordpress.com/2011/11/02/cisco-asa-spoke-to-spoke-ipsec-vpn/
0
 
LVL 9

Accepted Solution

by:
Sandeep Gupta earned 500 total points
ID: 38722961
I work on such scenarios.

tip to proceed

configure a dynamic routing protocol in all sites/HQ. put your IPSEC tunnels in routing protocol.

I think you want full mesh instead of hub & spoke.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now