Considerations for an IPSEC tunnel through another IPSEC tunnel

prakkdangc
Level 1

Hi,

I am trying to implement an IPSEC "tunnel through a tunnel" as follows:

ASA-1 (inside network 10.10.10.0/24 - outside network 1.1.1.1/30) to ASA-2 (outside network 1.1.1.2/30 - inside network 20.20.20.0/24)

This tunnel is fully functional.

Created a DMZ interface (2.2.2.1/30) on ASA-1

Created a DMZ interface (2.2.2.2/30) on ASA-2

Attached ASA-A outside interface to ASA-1 DMZ interface - inside network 30.30.30.0/24

Attached ASA-B outside interface to ASA-2 DMZ interface - inside network 40.40.40.0/24

Created an ACL on ASA-1 and ASA-2 DMZ interfaces allowing ESP, IKE traffic

2nd tunnel not working!

Questions

  1. Should I add the DMZ /30's to the crypto map of ASA-1 and ASA-2? (I did, and it still did not work.)
  2. Should there be a route statement for the /30's on ASA-1 and ASA-2, or should the default GW be sufficient?

Any and all help will be appreciated!

Dave

1 Reply

andrew.prince
Level 10

Post config for review.
