Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
497
Views
0
Helpful
2
Replies

ASA L2L spoke to Hub SFR firepower

keithcclark71
Level 3
Level 3

‎02-23-2017 04:53 PM - edited ‎03-12-2019 06:18 AM

 I have 2 prev gen ASA 5505's connecting IPSEC IKE1 tunnels back to a single corporate ASA 5520. I am replacing the spoke site ASA 5505 with 5508-X and the Hub site 5520 to 5545-x. The  Esxi Virtual FMC will be located behind the Hub sites ASA 5545-x attached to VLAN on layer 3 core switch.   I am having hard time understanding how the newly placed 5508-x spokes will be able to send event traffic through the ASA5545-x into the FMC. I don't see how the SFR IP addresses in this particular toplogy can be on the same VLAN as the FMC as routing for this VLAN where FMC sits is defined at the HUB . Address space for the SFR would be overlapping the FMX?

Ex:

5508-x Spoke Site  SFR 192.168.23.10 (California)

FMC HUB 192.168.23.100  (Buffalo)

Suggestions anyone???

Labels:
0 Helpful
2 Replies 2

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-23-2017 05:30 PM

In each asa. the SFR module IP address be on the local LAN (or wherever you physically plug the "management" port into).  The virtual management appliance will talk over your VPNs to the local management IP address.

0 Helpful

keithcclark71
Level 3
Level 3
In response to Philip D'Ath

‎02-23-2017 05:41 PM

ok so the SFR at these spoke sites will need to be of an address assignment pertaining to a local ASA interface and therefore would be a different subnet than that of the FMC. I was hoping for simplicity that I could have all Remote spoke  SFR IP's and FMC HUB IP all on same management subnet.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card