Louie, I wonder how you can do this !!! IPSec requires mirror image of access-list on either side. But the way you are suggesting, we can't have mirror image of access-lists --- EA Louie wrote: > ----- Original Message ----- > From: "pat" > To: > Sent: Wednesday, September 19, 2001 7:35 PM > Subject: experiment with VPN [7:20482] > > > > I have following VPN setup. > > > > > > > > R1 (E0=10.1.1.1/24 & S0=63.211.144.52/24) > > LAN1=10.1.1.0/24 > > > > R2 (E0=10.1.2.1/24 & S0=63.211.154.52/24) > > LAN2=10.1.2.0/24 > > > > R3 (E0=10.1.3.1/24 & S0=63.211.164.52/24) > > LAN3=10.1.3.0/24 > > > > R1 > > /\ > > / \ > > / \ > > / \ > > R2 R3 > > > > > > > > R1, R2, R3 connect to internet. Each have ip route > > 0.0.0.0 0.0.0.0 serial 0. > > LAN machines sitting on Ethernet of each router > with > > 10. IPs connect to internet with router doing NAT. > > > > I am planning to setup site-site VPN between > routers > > R1R2 & R1R3. > > > > Now LAN2 can talk to LAN1 & LAN3 can talk to LAN1. > > > > My question is, is it possible to make LAN2 talk > to > > LAN3 without having > > tunnel between R2 & R3. > > > > I want to to this by routing through R1. Is it > > possible ? Has anybody done this ? If yes how ? > > > 1. yes, it's possible. > 2. yes, I've done it > 3. by > a. setting your crypto access list on R1 to > encrypt both LAN1 and LAN2 > traffic to R3, and LAN1 and LAN3 traffic to R2. > b. making sure that your routing is set up > properly so that LAN2 traffic > to LAN3 is routed via R1 and vice versa. > > also see > http://www.cisco.com/warp/public/707/ios_hub-spoke.html > > > Thanks, > > pat > > > > > > __________________________________________________ > > Terrorist Attacks on U.S. - How can you help? > > Donate cash, emergency relief information > > > http://dailynews.yahoo.com/fc/US/Emergency_Information/ > [EMAIL PROTECTED] > > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at > http://mail.yahoo.com > __________________________________________________ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=20619&t=20482 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]