IPSEC Branch to Branch and Branch to Head
Hello friends
I have a Head Office and two Branch Offices.
I have an IPSec tunnel created between each Branch Office through to the Head Office.
The IPSec tunnels both come up and work.
I can get traffic to/from each Branch Office through to the Head Office.
However, I cannot get traffic from either Branch office through to the other Branch Office.
May I know what I'm doing wrong, please?
Did you include Branch2's subnet in the Branch1-HQ tunnel 'remote subnets'? Basically if you want to get traffic between B1 and B2, they need to know that their respective subnets are via the tunnel to HQ. Alternatively, create a 3rd tunnel from B1 to B2 and do it that way.
Dear @d0ugmac1, thank you kindly for your prompt response.
Below is what is set up at the moment, and the green tunnels are working fine. I added the remote subnets as per your suggestion and it does not make any difference; the IPsec only shows the connections between the Head Office and the two Branches.
When I'm creating a parallel tunnel, I have turned off the existing tunnels to the Head Office and added B1 as Responder and B2 as Initiator, and that doesn't seem to work either.
Also, I have turned the existing tunnels on between the Head Office and B1, B2 and it did not make any difference. I have checked the ACL and there is none blocking any traffic between B1 and B2.
OK, try adding a static route at B1 and B2. For instance:
B1: 10.3.0.0/16 gw 10.1.1.1
B2: 10.2.0.0/16 gw 10.1.1.1
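The selector side of the fix above, as an added example that is not part of the thread: a small checker that models each end of a hub-and-spoke IPsec tunnel by its local/remote subnets and reports whether branch-to-branch traffic is accepted on every hop in both directions. The addressing (HQ 10.1.0.0/16, B1 10.2.0.0/16, B2 10.3.0.0/16) is constructed to match the static routes quoted above; the static route itself is the other half of the fix and is not modelled here.

```python
"""Selector check for branch-to-branch traffic through a hub IPsec tunnel."""
import ipaddress

# Constructed addressing (assumed, not from the thread): hub plus two spokes.
LANS = {
    "HQ": ipaddress.ip_network("10.1.0.0/16"),
    "B1": ipaddress.ip_network("10.2.0.0/16"),
    "B2": ipaddress.ip_network("10.3.0.0/16"),
}

def tunnel(site, peer, local, remote):
    """One end of a tunnel: the local/remote subnets its selectors cover."""
    return {"site": site, "peer": peer,
            "local": [ipaddress.ip_network(n) for n in local],
            "remote": [ipaddress.ip_network(n) for n in remote]}

def covered(net, selectors):
    return any(net.subnet_of(s) for s in selectors)

def path_ok(tunnels, src, dst, hub="HQ"):
    """True if src LAN -> dst LAN matches the selectors at both ends of every leg."""
    def leg(a, b):
        a_to_b = [t for t in tunnels if t["site"] == a and t["peer"] == b]
        b_to_a = [t for t in tunnels if t["site"] == b and t["peer"] == a]
        fwd = any(covered(LANS[src], t["local"]) and covered(LANS[dst], t["remote"]) for t in a_to_b)
        rev = any(covered(LANS[src], t["remote"]) and covered(LANS[dst], t["local"]) for t in b_to_a)
        return fwd and rev
    if src == hub or dst == hub:
        return leg(src, dst)
    return leg(src, hub) and leg(hub, dst)  # spoke traffic hairpins through the hub

def spoke_reachable(tunnels, a, b):
    """Both directions must pass, or sessions will open one way and time out the other."""
    return path_ok(tunnels, a, b) and path_ok(tunnels, b, a)

# As first described in the question: each tunnel only knows HQ and its own branch.
BROKEN = [
    tunnel("B1", "HQ", ["10.2.0.0/16"], ["10.1.0.0/16"]),
    tunnel("HQ", "B1", ["10.1.0.0/16"], ["10.2.0.0/16"]),
    tunnel("B2", "HQ", ["10.3.0.0/16"], ["10.1.0.0/16"]),
    tunnel("HQ", "B2", ["10.1.0.0/16"], ["10.3.0.0/16"]),
]
# Each spoke lists the other spoke in 'remote subnets', and the hub lists
# the other spoke as a local subnet on each spoke tunnel (the mirror image).
FIXED = [
    tunnel("B1", "HQ", ["10.2.0.0/16"], ["10.1.0.0/16", "10.3.0.0/16"]),
    tunnel("HQ", "B1", ["10.1.0.0/16", "10.3.0.0/16"], ["10.2.0.0/16"]),
    tunnel("B2", "HQ", ["10.3.0.0/16"], ["10.1.0.0/16", "10.2.0.0/16"]),
    tunnel("HQ", "B2", ["10.1.0.0/16", "10.2.0.0/16"], ["10.3.0.0/16"]),
]
```

Note that the hub end has to change too: if HQ's tunnel to B2 does not list B1's subnet as local, the hub will drop or plain-route the hairpinned packets even though both spokes are configured.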
@d0ugmac1 Yes, that's what's missing. Also missing is the tunnel that must be used between B1 and B2 if the Head Office goes down.
Only if B1 ever needs to talk to B2; if they were, say, suppliers to the business at HQ, they wouldn't necessarily want to be able to talk to each other :)
Routing gets a bit more complicated when you have multiple options, and ideally there'd be a routing protocol in place to manage this.