Yes. I will be NATing.
How are you?
I have not gotten back to you for the rest of the lab.
Another week or so to complete the IPS section and then I will start scheduling
again.
Thanks.
Adil.
-----Original Message-----
From: Tony Schaffran (GS) [mailto:groupstudy_at_cconlinelabs.com]
Sent: Friday, September 24, 2010 9:32 PM
To: 'Adil Pasha'; 'Joseph L. Brunner'; 'Cisco certification'
Subject: RE: IPSec Hairpin on Cisco 2851.
Are you NAT'ing your VPN IP address?
Tony Schaffran
Sr. Network Consultant
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE
CCOnlineLabs
Your #1 choice for online Cisco rack rentals.
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Adil
Pasha
Sent: Friday, September 24, 2010 4:44 PM
To: 'Joseph L. Brunner'; 'Cisco certification'
Subject: RE: IPSec Hairpin on Cisco 2851.
Thanks for your reply Joseph.
With all due apology I am still confused. Let me put my complete scenario
here:
* My remote client (my laptop) is going to terminate the IPSec tunnel
  on the Cisco 2851 router in the office.
* The tunnel termination is the loopback interface or it could be the f0/0
  physical interface of the Cisco 2851.
* When I connect to the Cisco 2851 I get an IP address (1.1.1.9) assigned
  by the router.
* Now I want to get to my internal networks using the same interface
  f0/0.
* If the IP address assigned to my laptop is routable, then will I be
  able to access the rest of the network? I do not see why not.
* But if I want to go to the Internet (www.cisco.com), that is the problem
  and it is not working.
Is there any sample config that I can review?
Thanks in advance for everyone's support.
Adil.
-----Original Message-----
From: Joseph L. Brunner [mailto:joe_at_affirmedsystems.com]
Sent: Friday, September 24, 2010 5:05 PM
To: Adil Pasha; Cisco certification
Subject: RE: IPSec Hairpin on Cisco 2851.
?
It's not like an ASA requiring the "intra" and "inter" interface commands;
With IOS always crypto to crypto as long as both remote subnets are known in
the routing table (or via default route) via the crypto map interface;
Simply make crypto map acl entries providing peer1 peer2's subnets and vice
versa. They'll figure it out. Of course any routers/firewalls at those sites
need to route to their crypto map applied interface and do crypto to get to
the other site :)
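An added example, not part of the original thread or any poster's configuration: a hub-side IOS fragment of the kind described in the message above, where each peer's crypto map ACL also lists the other peer's subnet. All addresses, the names VPN, TS, TO-SITE-A and TO-SITE-B, and the next hop are assumptions constructed for illustration.

```cisco
! Added example (constructed): hub router with one crypto map on Fa0/0.
! Assumed: ISAKMP policy and pre-shared keys are already configured.
! Assumed subnets: hub LAN 10.0.0.0/24, site A 10.1.0.0/24, site B 10.2.0.0/24.
! Assumed peers: site A 192.0.2.10, site B 198.51.100.20 (documentation ranges).
!
crypto ipsec transform-set TS esp-aes esp-sha-hmac
!
! Traffic sent into the tunnel to site A: the hub LAN and site B's subnet.
ip access-list extended TO-SITE-A
 permit ip 10.0.0.0 0.0.0.255 10.1.0.0 0.0.0.255
 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
!
! And vice versa for site B.
ip access-list extended TO-SITE-B
 permit ip 10.0.0.0 0.0.0.255 10.2.0.0 0.0.0.255
 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
!
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.10
 set transform-set TS
 match address TO-SITE-A
crypto map VPN 20 ipsec-isakmp
 set peer 198.51.100.20
 set transform-set TS
 match address TO-SITE-B
!
interface FastEthernet0/0
 crypto map VPN
!
! Both remote subnets must resolve out the crypto map interface
! (explicit routes or the default route). 203.0.113.1 is a placeholder next hop.
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! Site A's own crypto ACL must mirror the hub's TO-SITE-A entries:
!  permit ip 10.1.0.0 0.0.0.255 10.0.0.0 0.0.0.255
!  permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
```

Keeping the crypto ACLs as specific subnet pairs, rather than `permit ip any any`, limits which traffic the hub will relay between peers.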
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Adil
Pasha
Sent: Friday, September 24, 2010 4:34 PM
To: Cisco certification
Subject: IPSec Hairpin on Cisco 2851.
Just wanted to know if Cisco 2851 supports IPSec Hairpin?
Could you please let me know if it works and what is the command?
I could not find it.
Adil.
Received on Fri Sep 24 2010 - 22:26:04 ART