dsirek1978
Beginner

ASA 5505 L2L Hub and Spoke configuration

So I'm at a loss on this. I'm trying to figure out how to create a hub and spoke using 3 ASA 5505s running 8.2. Here's how the topology should look:

                    HQ Site
                   /       \
   L2L ipsec VPN  /         \  L2L ipsec VPN
                 /           \
     Branch Office A       Branch Office B

I'd like to be able to route traffic from Branch Office A to Branch Office B via the VPN tunnels to the HQ site.

Any configs or ideas you may have would be appreciated. I'd like to be able to have a beefy internet connection at the HQ site so we don't have to set up a full mesh configuration.

3 REPLIES 3
Karsten Iwen
VIP Mentor

This scenario was discussed here a couple of times. In general you have to configure:

1) same-security-traffic permit intra-interface
2) crypto-ACLs:

VPN Branch1-HQ:
permit Branch1 to HQ
permit Branch1 to Branch2

VPN Branch2-HQ:
permit Branch2 to HQ
permit Branch2 to Branch1

VPN HQ-Branch1:
permit HQ to Branch1
permit Branch2 to Branch1

VPN HQ-Branch2:
permit HQ to Branch2
permit Branch1 to Branch2

3) NAT-Exemption for all this VPN-Traffic


Sent from Cisco Technical Support iPad App

Thanks for the reply. Would you or anyone have a working config for this setup? I understand the high-level overview, but I'm looking for something to reference as a configuration.

Sent from Cisco Technical Support iPhone App

Here is a documented example: https://supportforums.cisco.com/docs/DOC-38188

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
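
The three steps from the first reply, written out as an added ASA 8.2-style sketch for the hub and one spoke. This is not a config posted by anyone in the thread or taken from the linked document; all subnets, peer addresses, object names and key placeholders are constructed assumptions.

```cisco
! Assumed addressing: HQ 10.0.0.0/24 (peer 192.0.2.1), Branch A 10.1.0.0/24
! (peer 198.51.100.1), Branch B 10.2.0.0/24 (peer 203.0.113.1).
! ===== HQ (hub) =====
! 1) Allow traffic to enter and leave the same (outside) interface
same-security-traffic permit intra-interface
! 2) Crypto ACLs: each tunnel carries HQ plus the other branch
access-list VPN-BRA extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list VPN-BRA extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list VPN-BRB extended permit ip 10.0.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN-BRB extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
! 3) NAT exemption for HQ-originated VPN traffic
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (inside) 0 access-list NONAT
! Phase 1 / Phase 2 parameters (must match on all three units)
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-BRA
crypto map OUTSIDE-MAP 10 set peer 198.51.100.1
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP 20 match address VPN-BRB
crypto map OUTSIDE-MAP 20 set peer 203.0.113.1
crypto map OUTSIDE-MAP 20 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key <PSK-BRANCH-A>
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 pre-shared-key <PSK-BRANCH-B>
! ===== Branch Office A (same isakmp policy and transform-set as the hub) =====
! Crypto ACL is the exact mirror of VPN-BRA on the hub
access-list VPN-HQ extended permit ip 10.1.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list VPN-HQ extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (inside) 0 access-list NONAT
crypto map OUTSIDE-MAP 10 match address VPN-HQ
crypto map OUTSIDE-MAP 10 set peer 192.0.2.1
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
tunnel-group 192.0.2.1 type ipsec-l2l
tunnel-group 192.0.2.1 ipsec-attributes
 pre-shared-key <PSK-BRANCH-A>
! Branch Office B: same as Branch A with 10.1.0.0 and 10.2.0.0 swapped and <PSK-BRANCH-B>
```

After bringing the tunnels up, `show crypto ipsec sa` on the hub should list a security association for each crypto ACL line, including the branch-to-branch entries; a missing one usually means the ACLs on the two ends are not exact mirrors.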
