Routing ASA Traffic between Hub and Spoke

Unanswered Question
Jan 21st, 2009

We currently have a very basic hub and spoke setup with our ASA 5505s (8.04). Site A (192.168.60.x) has a two way tunnel with SiteB (10.10.50.x). Site C (192.168.40.x) has a two-way tunnel with SiteB (10.10.50.x). Traffic can get between A and B. Traffic can also get between C and B. No worries there.

Due to a security restriction, I cannot create a tunnel between A and C. I was wondering if SiteA could get to SiteC THROUGH SiteB since B is the "hub"? Would it be a 'nonat' statement? Perhaps a routing statement on SiteB?

Any help would be appreciated.

Basic configs attached.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
acomiskey Wed, 01/21/2009 - 10:46

Looks to me like you have a few crypto acls backwards on B. Try this instead.

access-list 100 extended permit ip 10.10.50.0 255.255.255.0 192.168.60.0 255.255.255.0

access-list 100 extended permit ip 192.168.40.0 255.255.255.0 192.168.60.0 255.255.255.0

access-list 101 extended permit ip 10.10.50.0 255.255.255.0 192.168.40.0 255.255.255.0

access-list 101 extended permit ip 192.168.60.0 255.255.255.0 192.168.40.0 255.255.255.0

cavemanbobby Wed, 01/21/2009 - 12:42

I'll be darned! That worked like a champ.

You have no idea how many experts looked at this and didn't see that.

Thanks a trillion.

Actions

This Discussion