Create IPSec tunnel between cEdge to DC FW

Salauddin · ‎11-25-2020

Hello All,

We have requirement to configure IPsec VPN from remote sites cEdge to DC end FW.

DC end FW is placed at Service VPN of Hub end cEdge. is it possible to configure additional IPSec tunnel apart from default one (between Hub & spoke)

Naseer Anjan · ‎11-26-2020

Hi,

Are you looking for establish overlay tunnel between spoke cedge and Firewall at DC ? if so, it is not possible due to below options

1. Firewall is not SDWAN edge device so, it cannot be connected to SDWAN cedge

2. Service side vpn (vpn1) cannot be tunnel interface since VPN0's interfaces can be tunnel interface.

but if you need establish non SDWAN tunnel (manual), you have to have different device at spoke service vpn side to connect your DC's (hub) firewall in service vpn side.

Salauddin · ‎11-26-2020

Hi,

Yes, I want to create a non sd-wan tunnel from remote cEdge to DC FW, but I can see it's possible via service VPN by referring below config guide. but I don't see any end to end config example.

https://www.cisco.com/c/dam/en/us/td/docs/routers/sdwan/configuration/config-17-2.pdf#page=216

Naseer Anjan · ‎11-27-2020

Ok, then it is private IPs communication over the overlay (sdwan). i think document which you have referred showing configuration on sdwn vedge but non sdwan device like your firewall configuration will be your own,, have you tried and if so, what happened ?

if possible show your configuration and any logs from both devices.