01-21-2009 09:55 AM - edited 03-11-2019 07:40 AM
We currently have a very basic hub-and-spoke setup with our ASA 5505s (8.04). Site A (192.168.60.x) has a two-way tunnel with Site B (10.10.50.x). Site C (192.168.40.x) has a two-way tunnel with Site B (10.10.50.x). Traffic can get between A and B. Traffic can also get between C and B. No worries there.
Due to a security restriction, I cannot create a tunnel between A and C. I was wondering if Site A could get to Site C THROUGH Site B since B is the "hub"? Would it be a 'nonat' statement? Perhaps a routing statement on Site B?
Any help would be appreciated.
Basic configs attached.
01-21-2009 10:46 AM
Looks to me like you have a few crypto ACLs backwards on B. Try this instead.
access-list 100 extended permit ip 10.10.50.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list 100 extended permit ip 192.168.40.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list 101 extended permit ip 10.10.50.0 255.255.255.0 192.168.40.0 255.255.255.0
access-list 101 extended permit ip 192.168.60.0 255.255.255.0 192.168.40.0 255.255.255.0
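Added example, not part of the original thread or anyone's posted config: a small Python check that each crypto ACL entry on one peer has a source/destination-swapped counterpart on the other, which is the property the corrected hub ACLs above restore. The hub lines are the ones from the reply; the Site A ACL (name and contents) and the reversed hub variant are constructed assumptions, since the attached configs are not shown.

```python
import ipaddress

# Hub (Site B) crypto ACLs as posted in the reply above.
HUB_B = """
access-list 100 extended permit ip 10.10.50.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list 100 extended permit ip 192.168.40.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list 101 extended permit ip 10.10.50.0 255.255.255.0 192.168.40.0 255.255.255.0
access-list 101 extended permit ip 192.168.60.0 255.255.255.0 192.168.40.0 255.255.255.0
"""
# Constructed spoke ACL for Site A (assumed name and contents; not from the thread).
SPOKE_A = """
access-list 100 extended permit ip 192.168.60.0 255.255.255.0 10.10.50.0 255.255.255.0
access-list 100 extended permit ip 192.168.60.0 255.255.255.0 192.168.40.0 255.255.255.0
"""
# Constructed hub ACL with the spoke-to-spoke entry reversed, to show a failing case.
HUB_B_REVERSED = """
access-list 100 extended permit ip 10.10.50.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list 100 extended permit ip 192.168.60.0 255.255.255.0 192.168.40.0 255.255.255.0
"""

def parse_crypto_acl(config, name):
    """Return the (source, destination) network pairs permitted by ACL `name`.

    Handles only the 'extended permit ip <net> <mask> <net> <mask>' form.
    """
    pairs = set()
    for line in config.splitlines():
        f = line.split()
        if len(f) == 9 and f[:5] == ["access-list", name, "extended", "permit", "ip"]:
            src = ipaddress.ip_network(f"{f[5]}/{f[6]}")
            dst = ipaddress.ip_network(f"{f[7]}/{f[8]}")
            pairs.add((src, dst))
    return pairs

def unmirrored(local, remote):
    """List local entries that have no swapped (dst -> src) entry on the peer."""
    return sorted(f"{s} -> {d}" for s, d in local if (d, s) not in remote)

def check_tunnel(local_cfg, local_acl, remote_cfg, remote_acl):
    """Check both directions; empty lists mean the two ACLs mirror each other."""
    local = parse_crypto_acl(local_cfg, local_acl)
    remote = parse_crypto_acl(remote_cfg, remote_acl)
    return {"local_only": unmirrored(local, remote),
            "remote_only": unmirrored(remote, local)}

if __name__ == "__main__":
    print(check_tunnel(HUB_B, "100", SPOKE_A, "100"))
    print(check_tunnel(HUB_B_REVERSED, "100", SPOKE_A, "100"))
```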
01-21-2009 12:42 PM
I'll be darned! That worked like a champ.
You have no idea how many experts looked at this and didn't see that.
Thanks a trillion.