06-09-2014 11:37 PM - edited 03-11-2019 09:18 PM
Hello All,
I have to build an IPsec tunnel from some box to a Cisco ASA - this will be site-to-site IPsec. Within this tunnel, other IPsec- or SSL-encrypted traffic will pass, and this traffic will be routed from the Cisco ASA to another box inside. There it is going to be decrypted and routed to its destination.
My problem is that I don't know what to define as interesting traffic (encryption domain) on the Cisco ASA, and how to define it.
Many thanks for your help.
09-15-2014 05:52 PM
Hello;
Well, assuming that the inner header of the inside tunnel is not NATed, it would be between the IP addresses of the endpoints within the new tunnel.
That should do the trick, let me know if you got what I tried to say.
Mike.
09-15-2014 11:48 PM
Basically the peer addresses of the second tunnel will be defined as interesting traffic in the first tunnel. The traffic between hosts would be defined as interesting traffic in the second tunnel.
Remember to configure NAT exemption / Twice NAT to prevent interesting traffic from being NATed, in case you are using NAT, that is. In the first tunnel you would configure NAT exemption for the peer addresses of the second tunnel, and if you have NAT configured on the second ASA, then you would need to configure NAT exemption for the Host VPN traffic.
--
Please remember to select a correct answer and rate helpful posts
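The outer-tunnel definition both answers describe, as an added ASA configuration example (not from either poster; post-8.3 NAT syntax). All addresses are constructed: 10.1.1.10 is the inner-tunnel endpoint behind the ASA, 10.2.2.10 is the inner-tunnel endpoint behind the remote box, and 203.0.113.1 is the remote box's outside address; the pre-shared key is a placeholder. Because the inner tunnel's IKE (UDP 500/4500) and ESP packets carry the inner peer addresses in their outer IP header, a `permit ip` between those two hosts is enough to pull them into the outer tunnel.

```cisco
! Inner-tunnel peer addresses (constructed values)
object network INNER_PEER_LOCAL
 host 10.1.1.10
object network INNER_PEER_REMOTE
 host 10.2.2.10
!
! Crypto ACL for the outer tunnel: interesting traffic is ANY IP between
! the two inner-tunnel endpoints, which covers their IKE and ESP packets.
access-list OUTER_VPN extended permit ip object INNER_PEER_LOCAL object INNER_PEER_REMOTE
!
! Twice NAT (identity) so the inner-tunnel peers are never translated;
! without this, outbound dynamic PAT would alter the source address and
! the packet would no longer match the crypto ACL.
nat (inside,outside) source static INNER_PEER_LOCAL INNER_PEER_LOCAL destination static INNER_PEER_REMOTE INNER_PEER_REMOTE no-proxy-arp route-lookup
!
! Outer tunnel: IKEv1 policy, transform set, crypto map, L2L tunnel group
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address OUTER_VPN
crypto map OUTSIDE_MAP 10 set peer 203.0.113.1
crypto map OUTSIDE_MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 ikev1 pre-shared-key <REPLACE-WITH-STRONG-PSK>
```

After the inner tunnel starts, `show crypto ipsec sa peer 203.0.113.1` should show the 10.1.1.10/10.2.2.10 proxy identities with rising encaps/decaps counters; if the counters stay at zero, check `show nat` to confirm the identity rule is being hit before the dynamic PAT rule.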