11-25-2020 12:11 AM
Hello All,
We have a requirement to configure an IPsec VPN from the remote sites' cEdge to the DC-end FW.
The DC-end FW is placed in the service VPN of the hub-end cEdge. Is it possible to configure an additional IPsec tunnel apart from the default one (between hub and spoke)?
11-26-2020 06:06 AM
Hi,
Are you looking to establish an overlay tunnel between the spoke cEdge and the firewall at the DC? If so, it is not possible due to the below options:
1. The firewall is not an SD-WAN edge device, so it cannot be connected to the SD-WAN cEdge.
2. The service-side VPN (VPN1) cannot be a tunnel interface, since VPN0's interfaces can be tunnel interfaces.
But if you need to establish a non-SD-WAN tunnel (manual), you have to have a different device on the spoke service VPN side to connect to your DC's (hub) firewall on the service VPN side.
11-26-2020 11:21 PM
Hi,
Yes, I want to create a non-SD-WAN tunnel from the remote cEdge to the DC FW, but I can see it's possible via the service VPN by referring to the config guide below. But I don't see any end-to-end config example.
https://www.cisco.com/c/dam/en/us/td/docs/routers/sdwan/configuration/config-17-2.pdf#page=216
11-27-2020 10:13 AM
OK, then it is private IP communication over the overlay (SD-WAN). I think the document you referred to shows the configuration on the SD-WAN vEdge, but the configuration of a non-SD-WAN device like your firewall will be your own. Have you tried it, and if so, what happened?
If possible, show your configuration and any logs from both devices.