Yep, it's definitely possible. Just figured out what it was. My bogon filter on router B was sending all 172.16/12 stuff to null0, and that was my local pool on router A. Doh!!!
Vijay, no need to lab it, working fine now.

Thanks,

Chuck

-----Original Message-----
From: Luan M Nguyen [mailto:[EMAIL PROTECTED]
Sent: Friday, July 18, 2008 3:04 PM
To: Church, Charles; [email protected]
Subject: RE: [c-nsp] IPSec VPN client to router, then router to router

I am thinking it's possible. Your client dials in, gets an IP from a pool on A, looks at the routing table, sees the resource through the GRE/IPSEC tunnel between A-B, goes there, then if A advertises the pool network to B, you are set for the return traffic.

The crypto map just has 2 instances... crypto map Chuck 10 ipsec-isakmp dynamic for dial clients and crypto map Chuck 20 ipsec-isakmp for the GRE/IPSEC tunnel...

It should work, right?

-Luan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Church, Charles
Sent: Friday, July 18, 2008 1:24 PM
To: [email protected]
Subject: [c-nsp] IPSec VPN client to router, then router to router

Anyone,

I'm having trouble getting the following config to work. I'm not sure if this is possible. I've got 2 878 routers attached to internet. Router A supports remote clients. Router A has a LAN to LAN IPSec connection to Router B. B does not support clients. Is it possible for the client to establish a connection to Router A, then access resources off of router B via the LAN-LAN tunnel? In other words, packet comes in client tunnel, then is forwarded back out the LAN-LAN tunnel off of the same interface to get to router B. Return traffic takes reverse path, obviously.

Thanks,

Chuck

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
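The failure described in this thread (router B null-routing 172.16/12 while router A assigns client addresses from that range) can be caught by comparing A's pools against B's static routes with longest-prefix matching. This is an added example, not from the thread: it assumes the bogon filter is implemented as static routes to Null0, the config snippets, pool name, addresses and Tunnel0 are constructed, and `blackholed_pools` is a hypothetical helper.

```python
import ipaddress
import re

# Constructed sample configs; pool name, addresses and Tunnel0 are assumptions.
ROUTER_A = "ip local pool VPNPOOL 172.16.50.1 172.16.50.254\n"
ROUTER_B_BOGON = (
    "ip route 10.0.0.0 255.0.0.0 Null0\n"
    "ip route 172.16.0.0 255.240.0.0 Null0\n"
    "ip route 192.168.0.0 255.255.0.0 Null0\n"
)
# Same filter plus a more specific route for the pool back over the tunnel.
ROUTER_B_FIXED = ROUTER_B_BOGON + "ip route 172.16.50.0 255.255.255.0 Tunnel0\n"

QUAD = r"(\d+\.\d+\.\d+\.\d+)"
POOL_RE = re.compile(rf"^ip local pool (\S+) {QUAD} {QUAD}\s*$", re.M)
ROUTE_RE = re.compile(rf"^ip route {QUAD} {QUAD} (\S+)", re.M)


def pool_networks(config):
    """Yield (pool name, network) for each 'ip local pool NAME first last'."""
    for name, first, last in POOL_RE.findall(config):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        for net in ipaddress.summarize_address_range(lo, hi):
            yield name, net


def static_routes(config):
    """Return [(network, next hop)] from 'ip route PREFIX MASK NEXTHOP'."""
    return [(ipaddress.ip_network(f"{prefix}/{mask}"), hop)
            for prefix, mask, hop in ROUTE_RE.findall(config)]


def blackholed_pools(pool_config, route_config):
    """Return (pool, route) pairs where the peer's best static route is Null0."""
    routes = static_routes(route_config)
    hits = []
    for name, net in pool_networks(pool_config):
        covering = [(r, hop) for r, hop in routes if net.subnet_of(r)]
        if not covering:
            continue  # no static route covers this block; nothing to flag
        best, hop = max(covering, key=lambda rh: rh[0].prefixlen)
        if hop.lower() == "null0" and (name, str(best)) not in hits:
            hits.append((name, str(best)))
    return hits
```

The check only reads static routes; a pool route learned dynamically from router A would also override the Null0 entry if it is more specific.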
