11-19-2013 05:56 PM
So I'm at a loss on this. I'm trying to figure out how to create a hub and spoke using 3 ASA 5505s running 8.2. Here's how the topology should look:
                  HQ Site
                 /       \
 L2L ipsec VPN  /         \  L2L ipsec VPN
               /           \
   Branch Office A       Branch Office B
I'd like to be able to route traffic from Branch Office A to Branch Office B via the VPN tunnels to the HQ site.
Any configs or ideas you may have would be appreciated. I'd like to be able to have a beefy internet connection at the HQ site so we don't have to set up a full mesh configuration.
11-19-2013 10:29 PM
This scenario was discussed here a couple of times. In general you have to configure:
1) same-security-traffic permit intra-interface
2) crypto-ACLs:
   VPN Branch1-HQ:
     permit Branch1 to HQ
     permit Branch1 to Branch2
   VPN Branch2-HQ:
     permit Branch2 to HQ
     permit Branch2 to Branch1
   VPN HQ-Branch1:
     permit HQ to Branch1
     permit Branch2 to Branch1
   VPN HQ-Branch2:
     permit HQ to Branch2
     permit Branch1 to Branch2
3) NAT-Exemption for all this VPN-Traffic
Sent from Cisco Technical Support iPad App
11-20-2013 02:25 AM
Thanks for the reply. Would you or anyone have a working config for this setup? I understand the high level overview, but I'm looking for something to reference as a configuration.
Sent from Cisco Technical Support iPhone App
11-24-2013 03:58 PM
Here is a documented example: https://supportforums.cisco.com/docs/DOC-38188
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni