Re: VPN Redurect traffic

Dear faizan:-
                   According to my understanding regarding your
topology try 1 thing i thing they wil solve your problem.

i thing your primary Hub and Sec router back-to-back connected to each
other and run any dynamic routing protocol b/w them.

you configure Vpn at primary router then you want to access some
branches terminated on your Sec router??

you need to Redistribute Vpn Route called "Reverse Route" that is
injected in the primary router routing table when vpn user connect
Remotly.by using "Redistribute static" command on your primary router
.or more spacifcally redistribution With route-map.route map must math
your Vpn pool address.

using Redistribution command your vpn pool addresses reachable any
where in your Network

Try, that may Solve your problem

Thanks
Muhammad ADNAN
CCIE R&S

On 11/14/09, faizan khurshid <faizankhurshid921_at_hotmail.com> wrote:
> HUb spoke topoly using DMVPN infact im trying to say that major branches
> comes on HUB RTR Primary with (pimray ISP)
> few branches comes on secondary RTR (with Secodary ISP) as i do Vpn
> remotley
> on HUB Primary RTR i can acces my braches which comes on Primary RTR (with
> Primary ISP) but not able to access those branhces which come on Secodnary
> Rtr(with Secodary ISP)
>
> Primray ISP link terminate on Primary RTR and Secondary ISP Link terminata
> on
> Secodary RTR .Keep 1 think in mind
> i configure Remote access Vpn on Primary RTR
>
> Hope you understand my point
>
>> Date: Sat, 14 Nov 2009 08:05:36 +0100
>> Subject: Re: VPN Redurect traffic
>> From: piotr_at_ccie1.com
>> To: faizankhurshid921_at_hotmail.com
>> CC: ccielab_at_groupstudy.com
>>
>> Hi,
>> The question is do you need spoke-to-spoke connectivity via Hub router? Do
>> you have DMVPN configured or just simple IPSec tunnels from branches to
>> the
>> HQ?
>>
>> Despite of DMVPN, if you have redundant routers on the HQ and you want
>> connect your branches via IPSec VPN the best option would be
>> implementation
>> of IPSec HSRP redundancy. Of course it works only when you have two
> head-end
>> routers in the same VLAN so that HSRP can be configured between them. Then
>> you configure your spokes to connect to the VIP address of HSRP group.
>>
>> If you want DMVPN with two hubs you should configure tunnel routing
> properly
>> to be able to share spokes between hubs. But from you description I assume
>> you want all your spokes to be connected to one hub only.
>>
>> HTH,
>> --
>> Piotr Matusiak
>> CCIE #19860 (R&S, SEC)
>> Technical Instructor
>> MicronicsTraining.com
>>
>> If you can't explain it simply, you don't understand it well enough -
>> Albert Einstein
>>
>>
>> 2009/11/14 faizan khurshid <faizankhurshid921_at_hotmail.com>
>>
>> > Dear All
>> >
>> >
>> > Issue regarding HUB and spoke topology .I have Two RTR Primary and
> seconday
>> > i
>> > configured remote access VPN on Head office Permiter RTR to remotely
>> > acces
>> > my head office and branches .Actually im facing Issue is that the few
>> > branches terminate on Secondary RTR which i m not able to access them
>> > remotely
>> > coz i know the reson i configrued Remote access vpn on permiter RTR
>> > .is ther any possbiility to redirect my traffic so im able to remotely
>> > access
>> > my those branches which comes from secondary router
>> >
>> >
>> >
>> >
>> > _________________________________________________________________
>> > Windows Live: Keep your friends up to date with what you do online.
>> >
>> >
>>
> http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/soci
>> >
>>
> al-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010<ht
>>
> tp://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/soci%0
>>
> Aal-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010>
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>
> _________________________________________________________________
> Windows Live: Make it easier for your friends to see what you re up to on
> Facebook.
> http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/soci
> al-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_2:092009
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sat Nov 14 2009 - 13:35:11 ART