sure you can, you just have to think 'bigger subnets'

access-list 101 permit ip 10.1.0.0 0.0.3.255 10.1.0.0 0.0.3.255

Now tell me that you can't mirror that access list...

Your crypto maps will be different (different next-hop addresses), so using
the same access-list for both really is not a problem (although if you
wanted to, you could create two on R1, just in case the requirement ever
changed)

----- Original Message -----
From: "pat" 
To: "EA Louie" 
Cc: 
Sent: Thursday, September 20, 2001 3:41 PM
Subject: Re: experiment with VPN [7:20482]


> Louie,
>
>
> I wonder how you can do this !!!
>
> IPSec requires mirror image of access-list on either
> side. But the way you are suggesting, we can't have
> mirror image of access-lists
>
>
>
> --- EA Louie  wrote:
> > ----- Original Message -----
> > From: "pat" 
> > To: 
> > Sent: Wednesday, September 19, 2001 7:35 PM
> > Subject: experiment with VPN [7:20482]
> >
> >
> > > I have following VPN setup.
> > >
> > >
> > >
> > > R1 (E0=10.1.1.1/24 & S0=63.211.144.52/24)
> > > LAN1=10.1.1.0/24
> > >
> > > R2 (E0=10.1.2.1/24 & S0=63.211.154.52/24)
> > > LAN2=10.1.2.0/24
> > >
> > > R3 (E0=10.1.3.1/24 & S0=63.211.164.52/24)
> > > LAN3=10.1.3.0/24
> > >
> > >                                  R1
> > >                                  /\
> > >                                 /  \
> > >                                /    \
> > >                               /      \
> > >                              R2      R3
> > >
> > >
> > >
> > > R1, R2, R3 connect to internet. Each has ip route
> > > 0.0.0.0 0.0.0.0 serial 0.
> > > LAN machines sitting on Ethernet of each router with
> > > 10. IPs connect to internet with router doing NAT.
> > >
> > > I am planning to setup site-site VPN between routers
> > >  R1R2  &  R1R3.
> > >
> > > Now LAN2 can talk to LAN1 & LAN3 can talk to LAN1.
> > >
> > > My question is, is it possible to make LAN2 talk to
> > > LAN3 without having a tunnel between R2 & R3.
> > >
> > > I want to do this by routing through R1. Is it
> > > possible ? Has anybody done this ? If yes how ?
> > >
> > 1.  yes, it's possible.
> > 2.  yes, I've done it
> > 3.  by
> >    a.  setting your crypto access list on R1 to encrypt both LAN1 and LAN2
> >        traffic to R3, and LAN1 and LAN3 traffic to R2.
> >    b.  making sure that your routing is set up properly so that LAN2 traffic
> >        to LAN3 is routed via R1 and vice versa.
> >
> > also see
> > http://www.cisco.com/warp/public/707/ios_hub-spoke.html
> >
> > > Thanks,
> > > pat






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20620&t=20482
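
Added example (not part of the original thread): a small Python check of the point argued above, that the /22 crypto access list is its own mirror image and selects LAN2-to-LAN3 traffic, while per-LAN entries mirror correctly but do not. Only access-list 101 comes from the thread; the access-list 102 entries, the host addresses and all function names are constructed for illustration.

```python
import ipaddress

def _net(addr, wildcard):
    # Convert a Cisco wildcard mask to a prefix; reject non-contiguous masks.
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - w.bit_length()}")

def parse_crypto_ace(line):
    """Parse 'access-list N permit ip SRC WILD DST WILD' into (src_net, dst_net)."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACE: {line!r}")
    return _net(tok[4], tok[5]), _net(tok[6], tok[7])

def is_mirror(local_ace, peer_ace):
    """True if the peer's ACE is the local ACE with source and destination swapped."""
    src, dst = parse_crypto_ace(local_ace)
    return parse_crypto_ace(peer_ace) == (dst, src)

def matches(ace, src_ip, dst_ip):
    """True if a packet src_ip -> dst_ip would be selected for encryption."""
    src, dst = parse_crypto_ace(ace)
    return ipaddress.ip_address(src_ip) in src and ipaddress.ip_address(dst_ip) in dst

# From the thread: one ACE covering LAN1, LAN2 and LAN3 on both sides.
WIDE = "access-list 101 permit ip 10.1.0.0 0.0.3.255 10.1.0.0 0.0.3.255"
# Constructed for comparison: per-LAN ACEs for the R1-R2 tunnel only.
R2_NARROW = "access-list 102 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255"
R1_NARROW = "access-list 102 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255"

if __name__ == "__main__":
    flow = ("10.1.2.10", "10.1.3.10")  # constructed LAN2 -> LAN3 hosts
    for name, local, peer in (("wide", WIDE, WIDE), ("narrow", R2_NARROW, R1_NARROW)):
        print(name, "mirrored:", is_mirror(local, peer),
              "| LAN2->LAN3 encrypted at R2:", matches(local, *flow))
```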