02-12-2016 11:57 PM - edited 02-21-2020 08:41 PM
Hi guys
i've recently bought a cisco asa 5506-x and i need to implement it in my network ,but i have multiple sites connected together through DMVPN
and i want to put the firewall behind the hub as described in the screenshot, also all spokes must be able to reach the server that is connected to r1 and the network that have the ASA, so guys i need help any ideas please :D
the things that i'm worried about is how to passthrough DMVPN traffic also the routing from asa to hub to r1 and versa
02-13-2016 03:32 AM
The ASA does not know or care about the DMVPN - since it does not interoperate with the DMVPN directly, it's all just an upstream set of networks to it.
So as long as the hub router, R1 and the ASA have routing among them and you're propagating those routes across the DMVPN via the hub, your spoke sites should be fine.
With the routing all in place, the network behind the ASA needs only have security policies setup properly on the ASA for it to be reachable.
02-13-2016 01:23 PM
Thanks for the reply marvin
but the problem here is that R1 is for the government i can't edit on its configuration ,and the other thing is when implementing the ASA as in the diagram it will divide my network (makes it two networks )
mmmm so i guess i need multiple routes here between the ASA and the HUB....will i guess i figured it out but what kind of policies should i configure on the ASA ?!
02-13-2016 02:37 PM
Are R1, the hub router and ASA running a dynamic routing protocol like OSPF or EIGRP among them?
Even if the Hub router is the statically configured default gateway for R1, it would work fine.
02-14-2016 01:55 AM
actually they are all configured statically and the hub router is not default gateway for R1.
R1 is connected to CSU/DSU from one side and the other side is my LAN and i have routes to the server that is connected to R1 on the HUB.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide