Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!
Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!
Act now. This offer ends July 14, 2017.
Course Of The Month
2 days, 11 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
IPsec Branch Offices
Posted on 2012-12-26
We have recently moved most of our company Branch offices to local ISPs from leased lines. The sites have either 2811 or 1941 routers terminating the IPsec connection on the branch end, and our HQ end with ASA 5510s.
The Sites that have been moved to the VPN solutions cannot see or talk to other VPN sites.
ie. Someone in Site A cannot connect to the computers in Site B. but from the HQ side, anyone can see all branch sites. and all branch sites can communicate with the HQ side.
These are site-to-site VPN connections. Does anyone have any thoughts as to how we could make the different branch offices talk to each other.
I know that moving to a DMVPN solution would solve this problem, however that is not a possibility at this time. I'm hoping there is another work around for what we currently have in place.
The Sites that have been moved to the VPN solutions cannot see or talk to other VPN sites.
ie. Someone in Site A cannot connect to the computers in Site B. but from the HQ side, anyone can see all branch sites. and all branch sites can communicate with the HQ side.
These are site-to-site VPN connections. Does anyone have any thoughts as to how we could make the different branch offices talk to each other.
I know that moving to a DMVPN solution would solve this problem, however that is not a possibility at this time. I'm hoping there is another work around for what we currently have in place.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3 Comments
This needs to be done through your 5510 in main branch ,you can setup routing to accomplish this. it's easy .
we have a similar setup and all branches can talk to each other but traffic goes through main branch as the central point .
we have a similar setup and all branches can talk to each other but traffic goes through main branch as the central point .
akhalighi is right that this can be done on the 5510. My guess would be that you are missing branch sites in your crypto maps, nonat statements, same-security permit, or a combination. It would be helpful to post the config of your HQ and at least 2 branches.
Good example:
http://popravak.wordpress.com/2011/11/02/cisco-asa-spoke-to-spoke-ipsec-vpn/
Good example:
http://popravak.wordpress.com/2011/11/02/cisco-asa-spoke-to-spoke-ipsec-vpn/
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues. There are…
We've been using the Cisco/Linksys RV042 for years as:
- an internet Gateway
- a site-to-site VPN device
- a leased line site-to-site subnet-to-subnet interface
(And, here I'm assuming that any RV0xx behaves the same way as an RV042. So that's …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month2 days, 11 hours left to enroll
696 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.