cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
508
Views
10
Helpful
5
Replies

VPN-Tunnel in VPN-Tunnel for Case Studie

dennisvdt
Level 1
Level 1

Hello Guys, i am wondering if there is a methode to make a Tunnel in a Tunnel. Something like a Tunnel between two ASA Firewalls and then a Tunnel between two Router. PC0 and PC1 should be Tunneling though the Firewalls and then though the Routers.

 

Unbenannt.PNG

1 Accepted Solution

Accepted Solutions

Permit ip 192.168.20.0 255.255.255.0 193.168.20.0 255.255.255.0 

the ACL is same in both router ? this is why IPsec tunnel is failed.
also the source and destiantion is same in ACL ?

View solution in original post

5 Replies 5

no specific method,

config Tunnel 1 between R 
Tunnel 1 ACL must permit the subnet of Out of ASA FW

config tunnel 2 between ASA FW
Tunnel 2 ACL must permit the subnet of IN of ASA FW

now you have Tunnel in Tunnel

dennisvdt
Level 1
Level 1
ACL Between Router Permits any ips
ACL Between ASA FR Permits in subnets 

Tunnel from Firewall to Firewall works, but from Router to Router does not Tunnel just routs it though.

share config here 

Router0 10.10.5.2 

Router1 10.10.5.3 

Crypto isakmp enable 

Crypto isakmp enable 

Crypto isakmp policy 10 

Crypto isakmp policy 10 

Authentication pre-share 

Authentication pre-share 

Encryption aes 256 

Encryption aes 256 

Hash sha 

Hash sha 

Group 5 

Group 5 

exit 

exit 

Crypto isakmp key cisco address 10.10.5.3 

Crypto isakmp key cisco address 10.10.5.2 

Crypto ipsec transform-set vpnset esp-aes 256 esp-sha-hmac 

Crypto ipsec transform-set vpnset esp-aes 256 esp-sha-hmac 

Ip access-list extended vpnacl 

Ip access-list extended vpnacl 

Permit ip 192.168.20.0 255.255.255.0 193.168.20.0 255.255.255.0 

Permit ip 193.168.20.0 255.255.255.0 192.168.20.0 255.255.255.0 

exit 

exit 

Crypto map vpnmap 10 ipsec-isakmp 

Crypto map vpnmap 10 ipsec-isakmp 

Match address vpnacl 

Match address vpnacl 

Set peer 10.10.5.3 

Set peer 10.10.5.2 

Set transform-set vpnset 

Set transform-set vpnset 

exit 

exit 

Int se0/1/0 

Int se0/1/0 

Crypto map vpnmap 

Crypto map vpnmap 

Permit ip 192.168.20.0 255.255.255.0 193.168.20.0 255.255.255.0 

the ACL is same in both router ? this is why IPsec tunnel is failed.
also the source and destiantion is same in ACL ?

Review Cisco Networking for a $25 gift card