cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
631
Views
5
Helpful
2
Replies

S2S tunnel

ohgroup01
Level 1
Level 1

Hello,

 

I have a question regarding a tunnel i have created.

 

The tunnel is working fine but one of the sites wants to add some more internal addresses.

 

Current nat is

access-list nonat extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list Tunnel extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0

 

And the crypto points to -

 

crypto map TEST 1 match address Tunnel

crypto map TEST 1 set peer xxx.xxx.xxx.x

 

Now the other site wants the tunnel to add 192.168.3.0 and 172.3.1.0 on the same peer address.

 

Can this be done?

 

Kind regards,

 

Ash

1 Accepted Solution

Accepted Solutions

Poonam Garg
Level 3
Level 3

Hello,

You can do it.

You just need to add access control entries (ace) in your present ACL Tunnel.

access-list Tunnel line 2 extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0

access-list Tunnel line 3 extended permit ip 192.168.0.0 255.255.255.0 172.3.1.0 255.255.255.0

Also you need to exempt this traffic from NAT also as you did for your previous ace.

Also on remote site you have to add exact mirror image of these ace in your already configured acl .

HTH

View solution in original post

2 Replies 2

Poonam Garg
Level 3
Level 3

Hello,

You can do it.

You just need to add access control entries (ace) in your present ACL Tunnel.

access-list Tunnel line 2 extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0

access-list Tunnel line 3 extended permit ip 192.168.0.0 255.255.255.0 172.3.1.0 255.255.255.0

Also you need to exempt this traffic from NAT also as you did for your previous ace.

Also on remote site you have to add exact mirror image of these ace in your already configured acl .

HTH

Thank you for the response.

I have added them to my site just need to get the other site to do the same.

Thank you again.

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: