I have three sites:
A. Main site. Static IP address - 192.168.150.0/24
B. Remote site. Static IP address - 10.10.150.0/24
C. Remote site. DHCP IP address - 10.10.50.0/24
Site B ------------GRE OVER IPSEC------------------------Site A--------------VPN IPSEC-------------------------------------------------Site C (does not have a static IP address).
Is it possible for me to communicate between site B and C without creating a VPN between C and B? Can I somehow just route B and C through A?
Yes, if you configure your traffic selectors with the other two VPNs (A and B) & (A and C). They call it hairpinning in the Cisco world.
In the VPN between A and B, include the Site C network 10.10.50.0/24 in the source along with the Site A network 192.168.150.0/24.
Example of the traffic selector:
Site A VPN to site B
ip access-list extended VPN-10-vpn-selectors
permit ip 192.168.150.0 0.0.0.255 10.10.150.0 0.0.0.255
permit ip 10.10.50.0 0.0.0.255 10.10.150.0 0.0.0.255
Site A VPN to C
ip access-list extended VPN-20-vpn-selectors
permit ip 192.168.150.0 0.0.0.255 10.10.50.0 0.0.0.255
permit ip 10.10.150.0 0.0.0.255 10.10.50.0 0.0.0.255
Site B VPN to A
ip access-list extended VPN-10-vpn-selectors
permit ip 10.10.150.0 0.0.0.255 192.168.150.0 0.0.0.255
permit ip 10.10.150.0 0.0.0.255 10.10.50.0 0.0.0.255
Site C VPN to A
ip access-list extended VPN-10-vpn-selectors
permit ip 10.10.50.0 0.0.0.255 192.168.150.0 0.0.0.255
permit ip 10.10.50.0 0.0.0.255 10.10.150.0 0.0.0.255
This will allow the traffic from C to travel into A and then out to B. Same goes the other way with B to C.
Just keep in mind that A will be using more bandwidth and CPU.
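A way to sanity-check the selectors in the answer above before applying them, as an added example that is not part of the original post: it parses the four ACLs, confirms each tunnel end is the exact mirror of its peer, and confirms every spoke-to-spoke flow is selected on both legs through the hub. The `NETS`/`SELECTORS` layout and the function names are this example's own.

```python
import ipaddress

# Site networks and crypto ACL lines copied from the thread; the dict layout is this example's own.
NETS = {s: ipaddress.ip_network(n) for s, n in
        {"A": "192.168.150.0/24", "B": "10.10.150.0/24", "C": "10.10.50.0/24"}.items()}
SELECTORS = {  # (local site, remote peer) -> ACL body
    ("A", "B"): ["permit ip 192.168.150.0 0.0.0.255 10.10.150.0 0.0.0.255",
                 "permit ip 10.10.50.0 0.0.0.255 10.10.150.0 0.0.0.255"],
    ("A", "C"): ["permit ip 192.168.150.0 0.0.0.255 10.10.50.0 0.0.0.255",
                 "permit ip 10.10.150.0 0.0.0.255 10.10.50.0 0.0.0.255"],
    ("B", "A"): ["permit ip 10.10.150.0 0.0.0.255 192.168.150.0 0.0.0.255",
                 "permit ip 10.10.150.0 0.0.0.255 10.10.50.0 0.0.0.255"],
    ("C", "A"): ["permit ip 10.10.50.0 0.0.0.255 192.168.150.0 0.0.0.255",
                 "permit ip 10.10.50.0 0.0.0.255 10.10.150.0 0.0.0.255"],
}

def parse(lines):
    """Convert 'permit ip <src> <wildcard> <dst> <wildcard>' lines to a set of (src, dst) networks."""
    pairs = set()
    for line in lines:
        f = line.split()
        if len(f) != 6 or f[:2] != ["permit", "ip"]:
            raise ValueError(f"unsupported ACL line: {line!r}")
        # ipaddress reads a mask that starts with 0 as a wildcard (host) mask
        pairs.add((ipaddress.ip_network(f"{f[2]}/{f[3]}"),
                   ipaddress.ip_network(f"{f[4]}/{f[5]}")))
    return pairs

def check_hairpin(selectors, hub="A"):
    """Return a list of problems; an empty list means the selectors are consistent."""
    parsed = {k: parse(v) for k, v in selectors.items()}
    problems = []
    # 1. Each end of a tunnel must carry the exact mirror of its peer's selectors.
    for (local, peer), pairs in sorted(parsed.items()):
        if parsed.get((peer, local)) != {(d, s) for s, d in pairs}:
            problems.append(f"{local}->{peer} is not the mirror of {peer}->{local}")
    # 2. Spoke X to spoke Y must be selected on X's tunnel to the hub and on the
    #    hub's tunnel to Y, otherwise the hub will not send it into the second tunnel.
    spokes = sorted(s for s in NETS if s != hub)
    for x in spokes:
        for y in spokes:
            flow = (NETS[x], NETS[y])
            if x != y and not (flow in parsed.get((x, hub), ()) and flow in parsed.get((hub, y), ())):
                problems.append(f"{x}->{y} is not selected on both legs through {hub}")
    return problems

if __name__ == "__main__":
    print(check_hairpin(SELECTORS) or "selectors are consistent")
```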
Thanks! That was it.