CCP site-to-site VPN using access rules

vitotol85 · ‎01-24-2013

hello, I use CCP for creating site-to-site VPNs on a Cisco router. I need to use network objects on my ipsec rule for having multiple hosts but the network objects are only available on the access rules through access editor.

On the encryption domain dialogue on site-to-site VPN wizzard the access rules I have created from Access Editor window are not listed. Should I associate the rules with the interface to be listed???

I manage to create a VPN using an access rule by just inserting the access rule (that is not associated to any interface) number, - it wasn't listed on the access rules when I clicked select from the existing rules - the VPN worked but then another issue came up.

The issue is that when I created a second VPN the way I described above the public IP of the router is unreachable. No ping/ssh etc. I recover it by shh on private and reload with the old config. While the public interface seems down the VPNs I have already configured are up and running.

Though the router is going down when a new s-to-s VPN is created by using an access rule if I create a VPN with the way is shown on the image below everything works fine.

http://www.cisco.com/image/gif/paws/112153/ccp-vpn-asa-router-config-24.gif

but with that way I cannot have multiple hosts for my VPN.

vitotol85 · ‎01-26-2013

hello guys, can anyone help me on this?

for using network objects on the encryption domains of a site-to-site VPN I have to create access rules from access editor on CCP and associate them with the interface that the vpn will take place. In the encryption domain dialogue of the VPN wizzard i will have to choose them from the existing rules on CCP. Is this right?

--

I did it without Network Objects. By creating those access rules I was messing with the allowed traffic.

So I assigned more than one ipsec rules for each tunnel.