Posted on 2013-12-24
We have about 100 remote sites with IPsec tunnels terminated to our HQ Cisco ISR router in a hub-spoke design. Each site has Sonicwall TZ105 router, and each site has its own network ID. Meaning that each site IP addressing is different (10.10.xx.0/24 xx being 0-255). And so far, everything works flawlessly. So, here is the challenge; for continuity and easy management, my boss wants to use same network ID for each site so that every site is configured the same way from the router to connected devices: same IP address information for each type of connected device at each site. As great as that would be for me as the network admin, the problem comes down to the HQ end where VPN tunnels are terminated: users at HQ regularly need remote access to each site for remote network devices management or just VNC into remote users' PCs.
Let's assume that Cisco IOS would allow to use same ACL for every site's crypto map, how would HQ router know where to route an given packet to specific remote device thru VPN tunnel?
So, I have not researched or looked into all possible options to re-design this, but I want to start here and see if anyone has come across similar situation and found a way around that.
- we do not have MPLS and we do not plan to go with MPLS yet.
- Our Cisco ISR router is running Cisco IOS version 15.1T