Routing ASA Traffic between Hub and Spoke

Jan 21st, 2009

We currently have a very basic hub and spoke setup with our ASA 5505s (8.04). Site A (192.168.60.x) has a two-way tunnel with SiteB (10.10.50.x). Site C (192.168.40.x) has a two-way tunnel with SiteB (10.10.50.x). Traffic can get between A and B. Traffic can also get between C and B. No worries there.

Due to a security restriction, I cannot create a tunnel between A and C. I was wondering if SiteA could get to SiteC THROUGH SiteB since B is the "hub"? Would it be a 'nonat' statement? Perhaps a routing statement on SiteB?

Any help would be appreciated.

Basic configs attached.

Overall Rating: 5 (1 ratings)
acomiskey Wed, 01/21/2009 - 10:46

Looks to me like you have a few crypto ACLs backwards on B. Try this instead.

access-list 100 extended permit ip

access-list 100 extended permit ip

access-list 101 extended permit ip

access-list 101 extended permit ip
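
An added example, not part of the thread and not the ACLs posted above: a Python check that a hub's crypto ACL is the source/destination mirror of a spoke's, which is how a "backwards" entry shows up. The configs are constructed, the ACL names TO_A and TO_B are hypothetical, and only the subnets come from the question.

```python
import ipaddress

# Constructed sample configs (not the attachments from the thread). ACL names
# TO_A / TO_B are hypothetical; subnets are the ones given in the question.
SPOKE_A = """
access-list TO_B extended permit ip 192.168.60.0 255.255.255.0 10.10.50.0 255.255.255.0
access-list TO_B extended permit ip 192.168.60.0 255.255.255.0 192.168.40.0 255.255.255.0
"""
HUB_B_BACKWARDS = """
access-list TO_A extended permit ip 10.10.50.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list TO_A extended permit ip 192.168.60.0 255.255.255.0 192.168.40.0 255.255.255.0
"""
HUB_B_MIRRORED = """
access-list TO_A extended permit ip 10.10.50.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list TO_A extended permit ip 192.168.40.0 255.255.255.0 192.168.60.0 255.255.255.0
"""

def parse_crypto_acl(config, name):
    """Return {(src_net, dst_net)} for 'permit ip SRC MASK DST MASK' lines of one ACL."""
    pairs = set()
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 9 and tok[:5] == ["access-list", name, "extended", "permit", "ip"]:
            src = ipaddress.ip_network(f"{tok[5]}/{tok[6]}")
            dst = ipaddress.ip_network(f"{tok[7]}/{tok[8]}")
            pairs.add((src, dst))
    return pairs

def mirror_problems(spoke_cfg, spoke_acl, hub_cfg, hub_acl):
    """List hub crypto ACL entries that are not the swapped form of the spoke's."""
    spoke = parse_crypto_acl(spoke_cfg, spoke_acl)
    hub = parse_crypto_acl(hub_cfg, hub_acl)
    expected = {(dst, src) for src, dst in spoke}  # hub must see src/dst reversed
    problems = [f"hub is missing {s} -> {d}"
                for s, d in sorted(expected - hub, key=str)]
    problems += [f"hub entry {s} -> {d} has no mirror on spoke"
                 for s, d in sorted(hub - expected, key=str)]
    return problems

if __name__ == "__main__":
    for label, hub in (("backwards", HUB_B_BACKWARDS), ("mirrored", HUB_B_MIRRORED)):
        print(label, mirror_problems(SPOKE_A, "TO_B", hub, "TO_A"))
```

The same check applies to the hub's ACL toward Site C, with Site C's crypto ACL as the spoke side.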

cavemanbobby Wed, 01/21/2009 - 12:42

I'll be darned! That worked like a champ.

You have no idea how many experts looked at this and didn't see that.

Thanks a trillion.
