Here's a quick rundown of my topology:
Datacenter location (Cisco ASA) 10.0.0.0/24 <><><><>Site to site VPN<><><><>East coast branch office (Fortigate) 172.16.23.0/24
The datacenter has 10+ other remote locations with site-to-site tunnels in various other subnets: 192.168.x.x/24
My client has requested access to the other remote locations from the east coast branch office through the datacenter. For example, a host in the 172.16.23.0 network wants to access services in the 192.168.x.x range. I checked this out, and it looks like because the other networks connected to the ASA at the datacenter are site-to-site tunnels and not local networks, it's not a matter of adding them into IKE phase 2 selectors. I believe this is "hairpinning".
Do any of you have thoughts on this? I'm trying to confirm whether I need to configure routing, etc. on the ASA, the Fortigate, or both!
Thanks!