Nested Tunnel - Tunnel inside Tunel

LNavaraj · ‎02-15-2002

Hi, am wondering whether Cisco supports Nested tunneling?! i mean Tunnel inside Tunnel ( IPSec - 3DES). Any body has got any idea?

Host A --> RouterA --> Concentrator 3030 -->PIX515 -->RouterB -->HostB

The Outer Tunnel is between Concentrator 3030 and PIX515 and the Inside Tunnel is between RouterA and Router B.

pdentico · ‎02-15-2002

I don't know whether it is "supported", but it can be done.

We do it for encapsulating IPX through our VPN connections.

Just make sure you have matching 12.0 or later IOS on the routers. We had some problems with older versions and version mismatches.

jfrahim · ‎02-19-2002

It is possible.. A lot of ppl do that for GRE and IPSEC tunnels

LNavaraj · ‎02-22-2002

Could you please explain... I tried it but the tunnell is not getting established between Router A and Router B when i try to pass through the VPN concentrator and PIX's tunnel.

noc · ‎02-22-2002

yes cisco supports this.. see this link for

ideas

http://www.cisco.com/warp/public/707/index.shtml

bottom line is im fairly sure any IP traffic (ESP, etc) will work over a tunnel (providing you are not filtering anything on the outer tunnel)

LNavaraj · ‎02-23-2002

The concentrator does not seems to be passing the trafic when i initiate the tunnel from Router A side though i configured to allow all traffic.(My privte interface (internal) filter is any any..) Do you have any ideas?!!

LNavaraj · ‎03-03-2002

Finally I found a solution for this problem with a help of Cisco TAC. VPN 3060 does not pass IPSec traffic through inside interface. But when we tried with Cisco Router, it worked fine. Cisco says that, in theory VPN 3060 suppose to work in my scenario, however it didn’t. I hope Cisco will come out with a Solution. ( I don’t know whether it is a bug or not?!!)CISCO! PLEASE MAKE AN ATTENTION TO THIS...