How to route traffic coming towards one crypto map IPsec through another?
The question may be simple, but I googled a lot and haven't found an answer.
As an example, there is a VPN hub, which is a Cisco 1941 router with IOS 12.
Two remote locations are connected through site-to-site IPsec to this router, which has two crypto maps (by sequence number) with the same crypto map name. The crypto map is assigned to one WAN interface.
Is there a way to allow traffic flow between those remote locations through the VPN hub?
I do recommend migrating to tunnel VPN since it will be easier for you if you scale up. As of now, your infra may still be small, but migrating is always a choice, since tunnel VPN allows dynamic routing (EIGRP, OSPF, etc.) while IPsec S2S relies on static routes.
Well, to answer your question, you need to create static routes, and if you are using NAT, then make sure to add "deny ip" in those NAT statements. And yes, we need to use extended ACLs. We do this in all routers.
All you need to take note of is that your route to your destination network has its equivalent "deny ip" statement inside the NAT ACL :D
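The rule in the answer above (every static route to a remote network needs a matching "deny ip" entry in the NAT ACL) can be checked mechanically against a saved configuration. This is an added example, not code from the thread; the sample configuration, its addresses and the ACL name `NAT-ACL` are constructed, and the parser handles only the simple `any`, `host` and address/wildcard ACL forms.

```python
import ipaddress
import re

# Constructed sample config; addresses and the ACL name are illustrative.
SAMPLE_CONFIG = """\
ip route 0.0.0.0 0.0.0.0 203.0.113.1
ip route 10.2.0.0 255.255.255.0 203.0.113.1
ip route 10.3.0.0 255.255.255.0 203.0.113.1
ip nat inside source list NAT-ACL interface GigabitEthernet0/0 overload
ip access-list extended NAT-ACL
 deny ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
 permit ip 10.1.0.0 0.0.0.255 any
"""

def _spec(words):
    """Parse one ACL address spec (contiguous wildcard assumed); return (network, rest)."""
    if words[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), words[1:]
    if words[0] == "host":
        return ipaddress.ip_network(words[1] + "/32"), words[2:]
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(words[1])) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{words[0]}/{mask}", strict=False), words[2:]

def routed_networks(config):
    """Destinations of static routes, skipping the default route."""
    nets = [ipaddress.ip_network(f"{a}/{m}", strict=False)
            for a, m in re.findall(r"^ip route (\d\S*) (\d\S*)", config, re.M)]
    return [n for n in nets if n.prefixlen > 0]

def nat_exemptions(config):
    """Destinations of 'deny ip' entries that precede the first permit in the NAT ACL."""
    ref = re.search(r"^ip nat inside source list (\S+)", config, re.M)
    denied, in_acl = [], False
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):
            in_acl = bool(ref) and words[:4] == ["ip", "access-list", "extended", ref.group(1)]
        elif in_acl and words[:1] == ["permit"]:
            break  # conservative: ignore denies after the first permit
        elif in_acl and words[:2] == ["deny", "ip"]:
            _, rest = _spec(words[2:])
            denied.append(_spec(rest)[0])
    return denied

def missing_nat_exemptions(config):
    """Static-route destinations with no covering 'deny ip' in the NAT ACL."""
    denied = nat_exemptions(config)
    return [str(n) for n in routed_networks(config)
            if not any(n.subnet_of(d) for d in denied)]
```

On the constructed sample, `missing_nat_exemptions(SAMPLE_CONFIG)` reports `10.3.0.0/24`, the routed network whose traffic would still be translated before it reaches the crypto map.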