Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Monitoring Remote VPN tunnels through a VPN

I am looking to see if this is possible, which in my limited Cisco knowledge I believe it is.

Essentially I am looking for a way to monitor NATed VPN tunnels through another tunnel in the same address subnet space.

I have a monitoring server which I can detect our tunnels here at our HDQ, to all of my remote sites this is just a simple ping monitor that will tell me if the tunnels go down or that the remote sites ISP is down. We have a 2nd VPN tunnel at all our locations that our POS software connects through a 3rd party.

This device is a PIX Firewall the HDQ device is an ASA 5512 w/ 5505 Router

The ACL's as they stand are an example below.

access-list inside_outbound_nat0_acl   permit ip 192.168.1.x 255.255.255.0   192.168.x.x 255.255.255.0
access-list outside_cryptomap_20         permit ip 192.168.1.x 255.255.255.0   192.168.x.x 255.255.255.0
access-list outside_cryptomap_40         permit ip 10.99.x.x      255.255.255.0   10.x.x.x 255.255.255.0
access-list example_acl                            permit ip 192.168.1.x 255.255.255.0    10.x.x.x 255.255.255.0

nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 10.99.x.x access-list example_acl 0 0
route outside 0.0.0.0 0.0.0.0 gateway 1

I have a ICMP statement allowing my monitoring server to ping the device through our tunnel

icmp permit host x.x.x.x inside

management-access inside

I know I should probably setup an acl for this as well. That can come later.

Now what I am looking to do is ping the: 10.99.x.x Address Space from the 192.168.x.x address through the 192.168.1.x inside address. Can this be done with ACL's or some route statements?

213
Views
0
Helpful
0
Replies
CreatePlease login to create content