Wednesday, November 27, 2019

Routing through VPN Tunnels

Here's a quick rundown of my topology:

Datacenter location (Cisco ASA) 10.0.0.0/24 <><><><>Site to site VPN<><><><>East coast branch office (Fortigate) 172.16.23.0/24

The datacenter has 10+ other remote locations with site-to-site tunnels in various other subnets: 192.168.x.x/24

My client has requested access to the other remote locations from the east coast branch office through the datacenter. For example, a host in the 172.16.23.0 network wants to access services in the 192.168.x.x range. I checked this out, and it looks like, because the other networks connected to the ASA at the datacenter are site-to-site tunnels and not local networks, it's not a matter of adding them into the IKE phase 2 selectors. I believe this is "hairpinning".

Do any of you have thoughts on this? I'm trying to confirm whether I need to configure routing, etc. on the ASA, the Fortigate, or both!

Thanks!


