I have a working VPN tunnel between a Digi Transport router (Site A) and Cisco ASA. On the other side of the ASA there is another VPN tunnel (Site B) which also needs access to Site A.
Currently, on the ASA, I’m seeing no encrypted traffic and it seems as though the Digi doesn’t know what to do with incoming traffic from that tunnel.
Would it be possible to have one tunnel on the Digi, but containing two separate peers (ASA and Site B) and two LAN subnets (Site A and Site B)?
Hi, it's not something I have done, but I would think you need IKEv2 to support multiple subnets.
Are you passing the second site inside the first tunnel? You could pass the second tunnel that way, as there is an option for IPsec in IPsec, but you should use 2 IPsec eroutes.
Thanks for the reply James, I will experiment with ikev2 and see how that goes. Just one question, what would the Remote subnet be in the VPN configuration page?
My setup is as follows:
Site A 10.20.4.0 /24 has a VPN tunnel to HQ
Site B 192.168.142.0 /24 has a VPN tunnel to HQ
HQ is a Cisco ASA - inside interface 10.99.6.141
So, I have the local subnet on the Digi (at Site A) set as 10.20.4.0 /24. The remote subnet is currently blank. Is this right?
The setting for the remote network would have to cover the 2 networks. In this case you would be better off using 0.0.0.0, but this might only work if the Transport is working as the responder.
Otherwise I would normally use 2 eroutes, as they are 2 destinations.
The "request received from eroute 1" is normally the router trying to raise the eroute; the next message is saying that the ID is either the wrong type or incorrect.
You should switch on the IKE/IPsec tracing and see what is in there.
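To show why the remote selector matters, here is an added example (not from this thread or from Digi) that models first-match eroute selection on the Site A router for the three layouts discussed: a single eroute to the HQ LAN only, a single catch-all eroute with remote 0.0.0.0/0, and two eroutes to the same peer. The HQ LAN is assumed to be 10.99.6.0/24 around the ASA inside address, and the probe hosts are constructed.

```python
from ipaddress import ip_address, ip_network

# Constructed from the thread: Site A LAN behind the Digi, Site B LAN behind
# the ASA's other tunnel, and an assumed /24 around the ASA inside address.
SITE_A = ip_network("10.20.4.0/24")
SITE_B = ip_network("192.168.142.0/24")
HQ_LAN = ip_network("10.99.6.0/24")   # assumption: 10.99.6.141 sits in a /24

def select_eroute(src, dst, eroutes):
    """Return the index of the first eroute whose local/remote selectors
    cover src -> dst, or None if the packet would bypass IPsec entirely."""
    src, dst = ip_address(src), ip_address(dst)
    for idx, (local, remote) in enumerate(eroutes):
        if src in ip_network(local) and dst in ip_network(remote):
            return idx
    return None

def coverage(eroutes):
    """Map each destination site to the eroute that would carry it."""
    probes = {"hq": "10.99.6.141", "site_b": "192.168.142.10"}  # constructed
    return {name: select_eroute("10.20.4.10", dst, eroutes)
            for name, dst in probes.items()}

# One eroute whose remote selector is only the HQ LAN: Site B traffic matches
# nothing, which is the "no encrypted traffic" symptom seen on the ASA.
HQ_ONLY = [(str(SITE_A), str(HQ_LAN))]
# One eroute with remote 0.0.0.0/0, the catch-all suggested above.
CATCH_ALL = [(str(SITE_A), "0.0.0.0/0")]
# Two eroutes to the same peer, one per destination network.
TWO_EROUTES = [(str(SITE_A), str(HQ_LAN)), (str(SITE_A), str(SITE_B))]

if __name__ == "__main__":
    for label, cfg in [("hq-only", HQ_ONLY), ("catch-all", CATCH_ALL),
                       ("two-eroutes", TWO_EROUTES)]:
        print(label, coverage(cfg))
```

Traffic that maps to None never enters the tunnel, so the IKE/IPsec trace on the Transport will show no SA being used for it.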