0

Well, I am making leaps and bounds in what I am learning in the area of IPSec VPN Tunnels. I do have a question, though that I hope I can get a simple answer for.

I have 13 locations that I am trying to connect, which we can refer to as Coporate, and Loc1-Loc12. By 'connect' of course I mean with an IPSec Tunnel so that I can do things like simple file sharing between the subnets, VNC connections, etc.

Our current setup looks like this:
Loc1 has a subnet of 10.148.1.xx, and has one IPSec tunnel to the company who serves our Point of Sale system (10.0.0.0).
Loc2 has a subnet of 10.148.2.xx, and has one IPSec tunnel to the company who serves our Point of Sale system (10.0.0.0).
...and so on...

I would like to set it up so that all of our 12 locations are connected to each other so that no matter what location I am at, I can access all of the other locations. Right now I've been playing around with some tunnels to see what works, and right now I have:
Loc1 <--> Corporate
Loc2 <--> Corporate

These connections are working fine, but Loc1 doesn't see Loc2 and Loc2 doesn't see Loc1. Is it possible to do this without creating 78 tunnels? Or will I have to do this:
Corporate <--> Loc1
Corporate <--> Loc2
etc...

Loc1 <--> Loc2
Loc1 <--> Loc3
etc...

Loc3 <--> Loc2
Loc3 <--> Loc4
etc....

Thanks in advance for any help on this.

3
Contributors
3
Replies
12
Views
3 Years
Discussion Span
Last Post by drumichael87
0

Without more detailed information about this network, it would seem that all you need to do is handle the appropriate routing at the corporate office. There is no need to create 78 individual tunnels.

Whether there are tunnels or not, IPs can be routed. Keep in mind that within the tunnels, you are moving packets around layer 2 and 3. The tunnels are there simply to secure the traffic across untrusted networks.

0

Yeo. You can do this 2 ways, and this of course depends on your VPN equipment.

1) Create the 150-ish tunnels where site A has 12 tunnels (one to each site), site B has 12 tunnel (one to each site) and so on. Not a fun option.

2)The better option, at the HQ, no routes are needed, but you will need new tunnels built for Src=10.148.1.x to Dst=10.148.2.x, 10,148.3.x, etc. Then another set for Src=10.148.2.x to Dst=10.148.1.x, 10.148.3.x, etc. And repeat for every site's subnet. Each site must have the VPN dst setup to send 10.148.0.0/16 to the HQ so that traffic for all sites are encrypted over the tunnel. The HQ will decrypt the traffic, then re-encrypt bound for the new destination.

This works fine. I do this all the time for remotes that VPN into my HQ.

IS this a Cisco Solution? If yes, then you also need to add NONAT entries for subnets to all other subnets....

0

I am using Cisco RV180W routers for this, and I don't think I have the access I need to do the nonat and more advanced stuff like that with these routers. Do you think I would need an ASA at HQ instead?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.