Hi,
I am trying to implement an IPSEC "tunnel through a tunnel" as follows:
ASA-1 (inside network 10.10.10.0/24 - outside network 1.1.1.1/30) to ASA-2 (outside network 1.1.1.2/30 - inside network 20.20.20.0/24)
This tunnel is fully functional.
Created a DMZ interface (2.2.2.1/30) on ASA-1
Created a DMZ interface (2.2.2.2/30) on ASA-2
Attached ASA-A outside interface to ASA-1 DMZ interface - inside network 30.30.30.0/24
Attached ASA-B outside interface to ASA-2 DMZ interface - inside network 40.40.40.0/24
Created an ACL on ASA-1 and ASA-2 DMZ interfaces allowing ESP, IKE traffic
2nd tunnel not working!
Questions
- Should I add the DMZ /30's to the crypto map of ASA-1 and ASA-2? (I did, and it still did not work)
- Should there be a route statement for the /30's on ASA-1 and ASA-2, or should the default GW be sufficient?
Any and all help will be appreciated!
Dave