New Member

Tunnel Interface connectivity via IPSec

Hi!

I am running GRE with IPsec. My interesting traffic for IPsec is 192.168.1.1 to 192.168.1.2, and when I try to establish a connection from Router 1, the FW sees the 172.16.1.2 IP and the IPsec tunnel never triggers.

What can be done so that if I ping from 192.168.1.2, the FW will see 192.168.1.1 rather than 172.16.1.2?

See the attached picture.

Thanks

6 REPLIES
VIP Purple

You need to get yourself to the stage where each firewall can ping the local 192.168.1.x address on the router. More than likely you have routes missing.

New Member

Hi!

Thanks for your reply.

I only want the IPsec to trigger on ASA 1.

I can ping 192.168.1.1 from ASA1.

The problem is that IPsec never triggers because the interesting traffic (192.168.1.1) never hits the outside interface, so the IPsec process never starts.

Thanks

New Member

Hi Philip D'Ath!

I have defined the tunnel endpoints in the interesting traffic, but it's not working. IPsec is not triggering.

What if the other end is not aware of my 172.16 address, as they only have my public IP?

Thanks

New Member

Looking for an IPsec implementation for the exact same scenario.

http://www.networkstraining.com/configuring-gre-tunnel-through-a-cisco-asa-firewall/comment-page-1/#comment-384712

Silver

It will be GRE over IPsec, that is, the GRE tunnel endpoints 172.16.x.x should be defined as interesting traffic. 192.168.1.x will be the tunnel inside addresses (encrypted), so these addresses will not be seen by the firewalls.

Silver

The referred Networkstraining page confirms my previous comment. As you can see, tunnel IPs (10.0.0.x) are not seen by the firewall. They are encapsulated and only the tunnel source and destination addresses (50 and 20) are used in the firewall rules.
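The encapsulation point made in the two Silver replies above, shown as an added Python model (this is not code from the thread, from Cisco, or from the Networkstraining page). It builds a GRE-encapsulated ping exactly as Router 1 would send it and evaluates a crypto ACL the way a firewall does, against the outer IP header only. The addresses 192.168.1.1, 192.168.1.2 and 172.16.1.2 are taken from the thread; the remote GRE endpoint 172.16.2.2 is an assumed placeholder, since the thread never gives it.

```python
"""Why a crypto ACL written for the GRE tunnel's inside addresses never
matches: the firewall only ever sees the outer (tunnel endpoint) header.

Added example for the thread above. 172.16.2.2 is an assumed placeholder for
the remote GRE endpoint; the other addresses come from the thread itself.
"""
import ipaddress
import struct

PROTO_ICMP = 1
PROTO_GRE = 47
# Protocol keywords as they would appear in an access-list line; "ip" means any.
PROTO_NUM = {"ip": None, "icmp": PROTO_ICMP, "gre": PROTO_GRE}

IPV4_FMT = "!BBHHHBBH4s4s"  # version/IHL, TOS, len, id, flags/frag, TTL, proto, csum, src, dst


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header. Checksum is left zero; it is irrelevant here."""
    return struct.pack(
        IPV4_FMT,
        0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )


def gre_encapsulate(tunnel_src: str, tunnel_dst: str, inner: bytes) -> bytes:
    """Wrap an inner IPv4 packet in GRE (RFC 2784 base header, protocol type 0x0800)."""
    gre = struct.pack("!HH", 0, 0x0800)  # no checksum/key/sequence flags, version 0
    return ipv4_header(tunnel_src, tunnel_dst, PROTO_GRE, len(gre) + len(inner)) + gre + inner


def parse_outer_header(packet: bytes):
    """Return (src, dst, proto) of the outer header, which is all the firewall inspects."""
    fields = struct.unpack(IPV4_FMT, packet[:20])
    return (
        str(ipaddress.IPv4Address(fields[8])),
        str(ipaddress.IPv4Address(fields[9])),
        fields[6],
    )


def crypto_acl_matches(acl, packet: bytes) -> bool:
    """Evaluate a list of (proto, src_net, dst_net) permit entries against the outer header.

    This mirrors how interesting-traffic selection works: the packet arriving at the
    firewall's outside interface is the GRE packet, so only 172.16.x.x endpoints
    and protocol 47 are visible to the ACL. The encapsulated 192.168.1.x header is
    payload and is never consulted.
    """
    src, dst, proto = parse_outer_header(packet)
    for proto_name, src_net, dst_net in acl:
        wanted = PROTO_NUM[proto_name]
        if wanted is not None and wanted != proto:
            continue
        if (ipaddress.ip_address(src) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net)):
            return True
    return False


def build_ping_through_tunnel() -> bytes:
    """Constructed sample: ICMP echo 192.168.1.1 -> 192.168.1.2 sent over the GRE tunnel."""
    echo = struct.pack("!BBHHH", 8, 0, 0, 1, 1)  # type 8 (echo), code 0, csum, id, seq
    inner = ipv4_header("192.168.1.1", "192.168.1.2", PROTO_ICMP, len(echo)) + echo
    # Router 1's tunnel source is 172.16.1.2; 172.16.2.2 is the assumed remote endpoint.
    return gre_encapsulate("172.16.1.2", "172.16.2.2", inner)


# The ACL the original poster configured (inside addresses): never matches.
INSIDE_ACL = [("ip", "192.168.1.1/32", "192.168.1.2/32")]
# The ACL the Silver reply recommends (GRE between the tunnel endpoints): matches.
GRE_ENDPOINT_ACL = [("gre", "172.16.1.2/32", "172.16.2.2/32")]


if __name__ == "__main__":
    pkt = build_ping_through_tunnel()
    print("outer header seen by firewall:", parse_outer_header(pkt))
    print("inside-address ACL triggers IPsec:", crypto_acl_matches(INSIDE_ACL, pkt))
    print("GRE-endpoint ACL triggers IPsec:  ", crypto_acl_matches(GRE_ENDPOINT_ACL, pkt))
```

Running it shows the outer header as 172.16.1.2 to 172.16.2.2, protocol 47, which is why the original inside-address ACL never selects the traffic while the GRE-endpoint ACL does. The same logic explains the Networkstraining example: its firewall rules reference only the tunnel source and destination, never the 10.0.0.x tunnel addresses.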
