Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1660
Views
5
Helpful
1
Replies

Firepower Hub and Spoke without VPN

Go to solution
jewell2j
Level 1
Level 1

‎03-08-2021 10:04 AM - edited ‎03-08-2021 10:05 AM

I trying to create a hub and spoke in which there is a red network ipsec tunnel within a gray network ipsec tunnel. I am limited to the the firepower 2100 platform as I need to inspection points. I've included a diagram. The part that I am unfamiliar with is using the FP2130 as the Hub connecting to the spokes FP2110 via fiber. I don't need tunnels for this connection as the fiber network is a straight through connection with no connection outside. Would the connections from the hub to the spoke be point to point /30 networks? Is the FP capable of doing this? I've done tunnel within a tunnel networks in the past but with routers and encryption devices. Besides client VPN purposes using the 5500 series ASAs, I haven't attempted to use this these devices in this manner in the past. Any advise would be appreciated. 

Preview file
197 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎03-08-2021 07:51 PM

Hi

 

to reply to your question, yes you an have a fiber between the 2 FWs with an interco subnet (/30 is ok) and then apply inspection rules on this link.

 

However, as you have VPN tunnels on the downstream of your network, so you need to make sure to adapt the routing if you want that all traffic goes through this fiber link for inspection. If this link is for other zones, then you good to go and must adapt your routing to make sure the traffic flows through this link.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

1 Reply 1

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎03-08-2021 07:51 PM

Hi

 

to reply to your question, yes you an have a fiber between the 2 FWs with an interco subnet (/30 is ok) and then apply inspection rules on this link.

 

However, as you have VPN tunnels on the downstream of your network, so you need to make sure to adapt the routing if you want that all traffic goes through this fiber link for inspection. If this link is for other zones, then you good to go and must adapt your routing to make sure the traffic flows through this link.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card