Author Topic: Deployment Question over Cisco VPN Tunnel  (Read 2823 times)

Treeeman

Deployment Question over Cisco VPN Tunnel
« on: December 11, 2014, 02:13:08 PM »
Hello,

I have a deployment question.
There are two sites (A and B). The sites are connected over a VPN tunnel (Cisco). The headquarters is at Site A, the remote office at Site B.

If my understanding is correct, the Deployment should look like this:
Site A - L3 Routing Switch - Wanos Core - Cisco FW ===L3 VPN-TUNNEL=== Cisco FW - Wanos Edge - L3 Routing Switch - Site B

My main question is how the two Wanos appliances can see each other. I installed an ESXi lab environment as described on your page. Because the WAN interface is on the same L2 network, they connect to each other automatically. But I found no way to give my Wanos Core the information which IP my Wanos Edge has (and vice versa). Because I have a Layer 3 tunnel, I am a little confused now.

Maybe someone has a simple answer to this.
Thanks a lot.

Best Regards
Marco

ahenning

  • Team Wanos
Re: Deployment Question over Cisco VPN Tunnel
« Reply #1 on: December 11, 2014, 02:31:42 PM »
Hi Marco,

They will auto-detect each other if traffic is flowing through both devices. This seems to be the case in your diagram. When a new TCP session is established, a TCP option is added to the SYN packet. The receiving device sees the TCP option and detects that the peer is up.

On a side note: Recent Cisco GRE IPsec VPN IOS code drops all proto 108 traffic. If you encounter this Cisco bug/feature, please use a different VPN encapsulation in the VPN config or enable UDPENCAP or GRE encap from the GUI. In the next release this will be configurable in the web interface.
« Last Edit: February 23, 2015, 10:08:45 PM by ahenning »
CCIE RS, CCIE SP, Mnet&sys

Note: Forum posts may be outdated. Please see the latest documentation at wanos.co/docs
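
Added example (not part of the original posts and not Wanos code): because peer detection as described in the reply depends on a TCP option surviving in the SYN, one way to check the path is to parse the options of a SYN captured on each side of the tunnel and compare them. Option kind 253 and the header bytes below are constructed placeholders; the thread does not say which option kind Wanos uses.

```python
import struct

# Option kinds normally present in a SYN; anything else is reported as non-standard.
STANDARD_SYN_KINDS = {2: "MSS", 3: "WScale", 4: "SACK-Permitted", 8: "Timestamps"}

def parse_tcp_options(tcp_header: bytes) -> list:
    """Return (kind, data) for every option in a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4   # header length in bytes
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts, i, found = tcp_header[20:data_offset], 0, []
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                          # End of Option List
            break
        if kind == 1:                          # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option without a length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError(f"bad length for option kind {kind}")
        found.append((kind, opts[i + 2:i + length]))
        i += length
    return found

def nonstandard_kinds(tcp_header: bytes) -> list:
    """Option kinds that are not part of the usual SYN set."""
    return [k for k, _ in parse_tcp_options(tcp_header) if k not in STANDARD_SYN_KINDS]

def build_syn(options: bytes) -> bytes:
    """Constructed SYN header for the demo (ports, sequence numbers are arbitrary)."""
    options += b"\x01" * (-len(options) % 4)  # pad to a 32-bit boundary with NOPs
    offset_flags = ((20 + len(options)) // 4 << 12) | 0x002  # data offset + SYN flag
    return struct.pack("!HHIIHHHH", 40000, 443, 1, 0, offset_flags, 65535, 0, 0) + options

PEER_KIND = 253                                # placeholder, not the real Wanos kind
MSS = b"\x02\x04\x05\xb4"
syn_core_side = build_syn(MSS + bytes([PEER_KIND, 4, 0xAA, 0xBB]))
syn_edge_side = build_syn(MSS)                 # same SYN after the option was stripped in transit

if __name__ == "__main__":
    print("core side:", nonstandard_kinds(syn_core_side))
    print("edge side:", nonstandard_kinds(syn_edge_side))
```

If the extra kind is present on the sending side's capture but missing on the far side, a device in between is removing TCP options and auto-detection cannot succeed on that path.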