Routing ASA Traffic between Hub and Spoke

Unanswered Question
Jan 21st, 2009

We currently have a very basic hub and spoke setup with our ASA 5505s (8.04). Site A (192.168.60.x) has a two way tunnel with SiteB (10.10.50.x). Site C (192.168.40.x) has a two-way tunnel with SiteB (10.10.50.x). Traffic can get between A and B. Traffic can also get between C and B. No worries there.


Due to a security restriction, I cannot create a tunnel between A and C. I was wondering if SiteA could get to SiteC THROUGH SiteB since B is the "hub"? Would it be a 'nonat' statement? Perhaps a routing statement on SiteB?


Any help would be appreciated.


Basic configs attached.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
acomiskey Wed, 01/21/2009 - 10:46

Looks to me like you have a few crypto acls backwards on B. Try this instead.


access-list 100 extended permit ip 10.10.50.0 255.255.255.0 192.168.60.0 255.255.255.0

access-list 100 extended permit ip 192.168.40.0 255.255.255.0 192.168.60.0 255.255.255.0

access-list 101 extended permit ip 10.10.50.0 255.255.255.0 192.168.40.0 255.255.255.0

access-list 101 extended permit ip 192.168.60.0 255.255.255.0 192.168.40.0 255.255.255.0

cavemanbobby Wed, 01/21/2009 - 12:42

I'll be darned! That worked like a champ.


You have no idea how many experts looked at this and didn't see that.


Thanks a trillion.

Actions

This Discussion