Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
503
Views
10
Helpful
5
Replies

VPN-Tunnel in VPN-Tunnel for Case Studie

Go to solution
dennisvdt
Level 1
Level 1

ā€Ž07-19-2022 05:04 AM

Hello Guys, i am wondering if there is a methode to make a Tunnel in a Tunnel. Something like a Tunnel between two ASA Firewalls and then a Tunnel between two Router. PC0 and PC1 should be Tunneling though the Firewalls and then though the Routers.

 

Unbenannt.PNG

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP
In response to dennisvdt

ā€Ž07-19-2022 06:40 AM

Permit ip 192.168.20.0 255.255.255.0 193.168.20.0 255.255.255.0 

the ACL is same in both router ? this is why IPsec tunnel is failed.
also the source and destiantion is same in ACL ?

View solution in original post

0 Helpful
5 Replies 5

Go to solution
MHM Cisco World
VIP
VIP

ā€Ž07-19-2022 05:07 AM - last edited on ā€Ž07-21-2022 05:24 AM by Community Manager

no specific method,

config Tunnel 1 between R 
Tunnel 1 ACL must permit the subnet of Out of ASA FW

config tunnel 2 between ASA FW
Tunnel 2 ACL must permit the subnet of IN of ASA FW

now you have Tunnel in Tunnel

Go to solution
dennisvdt
Level 1
Level 1

ā€Ž07-19-2022 05:17 AM - last edited on ā€Ž07-21-2022 05:25 AM by Community Manager 

ACL Between Router Permits any ips
ACL Between ASA FR Permits in subnets 

Tunnel from Firewall to Firewall works, but from Router to Router does not Tunnel just routs it though.

Go to solution
MHM Cisco World
VIP
VIP
In response to dennisvdt

ā€Ž07-19-2022 05:22 AM

share config here 

0 Helpful

Go to solution
dennisvdt
Level 1
Level 1
In response to MHM Cisco World

ā€Ž07-19-2022 06:03 AM

Router0 10.10.5.2 

Router1 10.10.5.3 

Crypto isakmp enable 

Crypto isakmp enable 

Crypto isakmp policy 10 

Crypto isakmp policy 10 

Authentication pre-share 

Authentication pre-share 

Encryption aes 256 

Encryption aes 256 

Hash sha 

Hash sha 

Group 5 

Group 5 

exit 

exit 

Crypto isakmp key cisco address 10.10.5.3 

Crypto isakmp key cisco address 10.10.5.2 

Crypto ipsec transform-set vpnset esp-aes 256 esp-sha-hmac 

Crypto ipsec transform-set vpnset esp-aes 256 esp-sha-hmac 

Ip access-list extended vpnacl 

Ip access-list extended vpnacl 

Permit ip 192.168.20.0 255.255.255.0 193.168.20.0 255.255.255.0 

Permit ip 193.168.20.0 255.255.255.0 192.168.20.0 255.255.255.0 

exit 

exit 

Crypto map vpnmap 10 ipsec-isakmp 

Crypto map vpnmap 10 ipsec-isakmp 

Match address vpnacl 

Match address vpnacl 

Set peer 10.10.5.3 

Set peer 10.10.5.2 

Set transform-set vpnset 

Set transform-set vpnset 

exit 

exit 

Int se0/1/0 

Int se0/1/0 

Crypto map vpnmap 

Crypto map vpnmap 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to dennisvdt

ā€Ž07-19-2022 06:40 AM

Permit ip 192.168.20.0 255.255.255.0 193.168.20.0 255.255.255.0 

the ACL is same in both router ? this is why IPsec tunnel is failed.
also the source and destiantion is same in ACL ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card