Monday, August 24, 2020

Set up IPSEC in Hub/Spoke fashion

I'm trying to set up IPSEC tunnels in a hub/spoke type fashion. I've emulated this in GNS3 by creating three sites. Each site uses an IOSv router as its WAN router. I'm using site 2 as the hub and sites 1 and 3 are the spokes. I've been able to get the IPSEC tunnel up (ACTIVE/ACTIVE) between Site 1 and Site 2. But I can't establish the IPSEC tunnel between Site 2 and Site 3.

I generally know how to set up an IPSEC tunnel between two sites (point-to-point), such as what exists between Site 1 and Site 2. But as soon as I have to add an additional IPSEC tunnel to the hub router, my understanding falls apart.

Here is a diagram of how the simulation is built.

Network Diagram

As you can see I'm using three layer 3 switches as a transport network between the three sites. I want both IPSEC tunnels to land on the same interface (gi0/0) on the Hub router. All traffic in the transport network should be encrypted.

PC1 should be able to ping PC2. Likewise, PC3 should be able to ping PC2. PC3 should not necessarily be able to ping PC1.

The diagram above should show all of the relevant config.
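The following is an added example and not part of the original post or its diagram. It shows the hub-side IOS configuration for terminating two crypto-map based IPsec tunnels on one interface (gi0/0). Only one crypto map can be applied to an interface, so the second tunnel is a second sequence number in the same map, each with its own peer and its own interesting-traffic ACL. The WAN addresses (203.0.113.x), LAN prefixes (10.x.0.0/24), pre-shared key, ACL names and map name are assumptions, since the real values live in the diagram that is not reproduced here.

```cisco
! Hub router (Site 2) - added example, addresses and names are assumed
!
! Phase 1 policy shared by both spokes
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
!
! One PSK per peer; a distinct key per spoke limits blast radius if one is compromised
crypto isakmp key Site1-PSK-assumed address 203.0.113.1
crypto isakmp key Site3-PSK-assumed address 203.0.113.3
!
! Phase 2 transform set, tunnel mode so the transport network only sees ESP between WAN addresses
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Interesting traffic: one ACL per spoke, hub LAN <-> that spoke's LAN only
ip access-list extended CRYPTO-SITE1
 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
ip access-list extended CRYPTO-SITE3
 permit ip 10.2.0.0 0.0.0.255 10.3.0.0 0.0.0.255
!
! A single crypto map with two entries; do NOT create a second map name for Site 3,
! applying a second map to gi0/0 would replace the first and drop the Site 1 tunnel
crypto map HUB-MAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS
 match address CRYPTO-SITE1
crypto map HUB-MAP 20 ipsec-isakmp
 set peer 203.0.113.3
 set transform-set TS
 match address CRYPTO-SITE3
!
! Both tunnels land on the same interface
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.0
 crypto map HUB-MAP
!
! Routes to each spoke LAN must point out gi0/0 so traffic hits the crypto map
ip route 10.1.0.0 255.255.255.0 203.0.113.1
ip route 10.3.0.0 255.255.255.0 203.0.113.3
```

Each spoke mirrors one entry: a crypto map with a single sequence number whose peer is 203.0.113.2 and whose ACL is the reverse of the hub's ACL for that spoke (for example, on Site 3: `permit ip 10.3.0.0 0.0.0.255 10.2.0.0 0.0.0.255`). The ACLs must be exact mirrors, otherwise Phase 2 proposal mismatches are a common reason the second tunnel never comes up while the first does. To check, `show crypto isakmp sa` should list both peers as QM_IDLE, and `show crypto ipsec sa` should show an SA per ACL with encaps/decaps counters increasing when PC1 and PC3 ping PC2. Because there is no ACL entry covering 10.1.0.0/24 to 10.3.0.0/24, PC1 and PC3 do not get an SA to each other, which matches the stated requirement that spoke-to-spoke reachability is not needed.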
