Smart questions
Smart answers
Smart people
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login
Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

LINK TO THIS FORUM!

Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

Tek-Tips LinkedIn® Group

Partner With Us!

"Best Of Breed" Forums Add Stickiness To Your Site
Partner Button
(Download This Button Today!)

Feedback

"...It's fun to see others going through the same stuff I did and be able to help. It's also a way for me to stay sharp and not lose the stuff I've learned..."
More...

Geography

Where in the world do Tek-Tips members come from?
Click Here To Find Out!

Tek-Tips Shirts!

Get Tek-Tips Swag
Get your
Tek-Tips Forums
SWAG here!
Home > Forums > MIS/IT > Security Solutions > Cisco Systems: ASA Series Forum

Two IPsec tunnels and hairpin between them

thread1598-1681428
Read More Threads Like This One
cormon (TechnicalUser)
25 Apr 12 4:38
HI Guys,

I have the following requirement to achieve and just need to ensure that it is possible. Please see attached the relevant diagram.

http://dl.dropbox.com/u/4426466/forum%20post.jpg

The Firewall in the Middle (Data Center) has only one purpose to terminate the VPNs and hair pin them . It has no LAN.

Why are we doing this ?? Company 2 needs to see the source of the ipsec traffic to be an Indian ip addr.

I need to have the traffic flow between the 10.21.121.0/24 on site 1 to the network 192.168.7.0/24 on site B .Is this possible once I have.

same-security-traffic permit intra-interface

the networks at both ends included in the encryption domain.
a no nat statement on the middle firewall for the both networks,

How would I place a second firewall in the middle tier to be redundant if the main one failed. HSRP or similiar ???

Thanks in advance
baddos (MIS)
25 Apr 12 14:18
Why not just establish a second ipsec connection between the two sites? It doesn't make much sense to go through the additional overhead of traversing two tunnels to get to it's destination when it could be done with one.
Read More Threads Like This One

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Back To Forum

Back To Cisco Systems: ASA Series

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close