07-19-2022 05:04 AM
Hello Guys, i am wondering if there is a methode to make a Tunnel in a Tunnel. Something like a Tunnel between two ASA Firewalls and then a Tunnel between two Router. PC0 and PC1 should be Tunneling though the Firewalls and then though the Routers.
Solved! Go to Solution.
07-19-2022 06:40 AM
Permit ip 192.168.20.0 255.255.255.0 193.168.20.0 255.255.255.0
the ACL is same in both router ? this is why IPsec tunnel is failed.
also the source and destiantion is same in ACL ?
07-19-2022 05:07 AM - last edited on 07-21-2022 05:24 AM by Translator
no specific method,
config Tunnel 1 between R
Tunnel 1 ACL must permit the subnet of Out of ASA FW
config tunnel 2 between ASA FW
Tunnel 2 ACL must permit the subnet of IN of ASA FW
now you have Tunnel in Tunnel
07-19-2022 05:17 AM - last edited on 07-21-2022 05:25 AM by Translator
ACL Between Router Permits any ips ACL Between ASA FR Permits in subnets
Tunnel from Firewall to Firewall works, but from Router to Router does not Tunnel just routs it though.
07-19-2022 05:22 AM
share config here
07-19-2022 06:03 AM
Router0 10.10.5.2 | Router1 10.10.5.3 |
Crypto isakmp enable | Crypto isakmp enable |
Crypto isakmp policy 10 | Crypto isakmp policy 10 |
Authentication pre-share | Authentication pre-share |
Encryption aes 256 | Encryption aes 256 |
Hash sha | Hash sha |
Group 5 | Group 5 |
exit | exit |
Crypto isakmp key cisco address 10.10.5.3 | Crypto isakmp key cisco address 10.10.5.2 |
Crypto ipsec transform-set vpnset esp-aes 256 esp-sha-hmac | Crypto ipsec transform-set vpnset esp-aes 256 esp-sha-hmac |
Ip access-list extended vpnacl | Ip access-list extended vpnacl |
Permit ip 192.168.20.0 255.255.255.0 193.168.20.0 255.255.255.0 | Permit ip 193.168.20.0 255.255.255.0 192.168.20.0 255.255.255.0 |
exit | exit |
Crypto map vpnmap 10 ipsec-isakmp | Crypto map vpnmap 10 ipsec-isakmp |
Match address vpnacl | Match address vpnacl |
Set peer 10.10.5.3 | Set peer 10.10.5.2 |
Set transform-set vpnset | Set transform-set vpnset |
exit | exit |
Int se0/1/0 | Int se0/1/0 |
Crypto map vpnmap | Crypto map vpnmap |
07-19-2022 06:40 AM
Permit ip 192.168.20.0 255.255.255.0 193.168.20.0 255.255.255.0
the ACL is same in both router ? this is why IPsec tunnel is failed.
also the source and destiantion is same in ACL ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide