
IPSEC VPN From MSR 2003 additional subnet

 
revell
Occasional Visitor

Has anyone been successful in configuring an additional remote subnet on an IPSEC tunnel on MSR 2003? I'm trying to add another subnet and route it through an existing VPN tunnel. For example, this is the current state:

Site A                         Site B

10.10.1.0 <=ipsec=> 10.10.2.0

What I'm attempting to accomplish is to add another subnet (e.g. 10.10.3.0) on Site B and route Site A to it. On an ASA device I'd extend the network group with the new subnet and add the appropriate ACL, but I can't make my way here.

I did try to add a static route for the new subnet (10.10.3.0) on the MSR 2003, but then I lose connectivity to 10.10.2.0. I guess I should be extending the flow, if that's possible, like so:

Flow:
        sour addr: 10.10.1.0/255.255.255.0  port: 0  protocol: ip
        dest addr: 10.10.2.0/255.255.255.0  port: 0  protocol: ip

        dest addr: 10.10.3.0/255.255.255.0  port: 0  protocol: ip

revell
Occasional Visitor

Re: IPSEC VPN From MSR 2003 additional subnet

After some fiddling, I'm starting to think about object-groups to avoid creating another tunnel for the other subnet, if object-groups can be defined within the ipsec config. According to the manual, the remote address can only be:

remote-address { [ ipv6 ] host-name | ipv4-address | ipv6 ipv6-address }

and not object-group. Will have to try it out.