Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
306
Views
0
Helpful
1
Replies

unusual hub-and-spoke addressing scheme.

ibrunello
Level 1
Level 1

‎03-28-2009 05:27 PM

I have an hub and spoke configuration.

ASA5520 is the hub, zyxel are spokes.

Due to limitation on zyxel, I can only setup a single line remote network/local network.

the two branches must talk each other, and with a server on central site.

I wanted to perform the following.

1) zyxel 1 use local: 10.15.1.201/32 and remote 10.15.0.0/16

2) zyxel 2 use local: 10.15.2.201/32 and remote 10.15.0.0/16

3) ASA has local 10.15.0.0/24, but uses 10.15.0.0/16 when establishing tunnels.

host on spokes can communicate to hub, but they cannot ping each other.

output is a packet trace from spoke 1 to spoke1.

it seems summarization made bad things to VPN rerouting.

any hint?

shall I make it work without creating multiple vpn sets?

TIA

Labels:
Preview file
5 KB
0 Helpful
1 Reply 1

andrew.prince
Level 10
Level 10

‎03-30-2009 01:54 AM

Post the config of the ASA for reveiw - remove any sensitive information.

0 Helpful
Customers Also Viewed These Support Documents