02-01-2007 01:59 AM
Dear all,
I'm planning to deploy the ASA VPN solution for more than 10 remote sites. Three of them are considered hub sites. I want to know how to build up the connectivity between spokes terminated on different hub sites. Is it possible to run OSPF instead of a fully meshed VPN?
Thanks
Tony
02-14-2007 06:20 AM
Tony,
In the example given to you, one of the spokes was a dynamic LAN-to-LAN tunnel and the other one was a static LAN-to-LAN tunnel.
Taking your example into account:
Hub - 10.10.10.x
Spoke1 - 10.20.20.x
Spoke2 - 10.30.30.x
Here is what the ACLs should look like.
Hub:
Access-list for tunnel between Hub and Spoke1
access-list 110 per ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0
access-list 110 per ip 10.30.30.0 255.255.255.0 10.20.20.0 255.255.255.0
Access-list for tunnel between Hub and Spoke 2
access-list 120 per ip 10.10.10.0 255.255.255.0 10.30.30.0 255.255.255.0
access-list 120 per ip 10.20.20.0 255.255.255.0 10.30.30.0 255.255.255.0
Access-list for nonat (NAT exemption)
access-list nonat per ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0
access-list nonat per ip 10.10.10.0 255.255.255.0 10.30.30.0 255.255.255.0
Spoke 1:
access-list 101 per ip 10.20.20.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list 101 per ip 10.20.20.0 255.255.255.0 10.30.30.0 255.255.255.0
Spoke 2:
access-list 102 per ip 10.30.30.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list 102 per ip 10.30.30.0 255.255.255.0 10.20.20.0 255.255.255.0
Rate this topic, if it helps.
Cheers
Gilbert
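An added example, not part of Gilbert's post: in his listing each hub crypto ACL is the mirror image of the matching spoke ACL, including the spoke-to-spoke entries that let the traffic transit the hub. The Python sketch below parses those ACL lines and reports any entry without a reversed counterpart on the peer; the function names are hypothetical, and it assumes every entry has the form `access-list NAME permit ip SRC MASK DST MASK`.

```python
import ipaddress

# ACL lines copied from the post above; "per" is the CLI abbreviation of "permit".
HUB = """\
access-list 110 per ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0
access-list 110 per ip 10.30.30.0 255.255.255.0 10.20.20.0 255.255.255.0
access-list 120 per ip 10.10.10.0 255.255.255.0 10.30.30.0 255.255.255.0
access-list 120 per ip 10.20.20.0 255.255.255.0 10.30.30.0 255.255.255.0
"""
SPOKE1 = """\
access-list 101 per ip 10.20.20.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list 101 per ip 10.20.20.0 255.255.255.0 10.30.30.0 255.255.255.0
"""
SPOKE2 = """\
access-list 102 per ip 10.30.30.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list 102 per ip 10.30.30.0 255.255.255.0 10.20.20.0 255.255.255.0
"""

def parse_acl(text, name):
    """Return the set of (source, destination) networks permitted by ACL `name`."""
    pairs = set()
    for line in text.splitlines():
        f = line.split()
        # Assumed shape: access-list NAME permit ip SRC MASK DST MASK
        if len(f) != 8 or f[0] != "access-list" or f[1] != name:
            continue
        if not "permit".startswith(f[2]) or f[3] != "ip":
            continue
        pairs.add((ipaddress.ip_network(f"{f[4]}/{f[5]}"),
                   ipaddress.ip_network(f"{f[6]}/{f[7]}")))
    return pairs

def mirror_gaps(local, remote):
    """Entries in `local` with no reversed (dst, src) counterpart in `remote`."""
    return sorted((s, d) for s, d in local if (d, s) not in remote)

def check_tunnel(hub_text, hub_acl, spoke_text, spoke_acl):
    """Return (hub entries unmatched on the spoke, spoke entries unmatched on the hub)."""
    hub, spoke = parse_acl(hub_text, hub_acl), parse_acl(spoke_text, spoke_acl)
    return mirror_gaps(hub, spoke), mirror_gaps(spoke, hub)

if __name__ == "__main__":
    for hub_acl, spoke_text, spoke_acl in (("110", SPOKE1, "101"), ("120", SPOKE2, "102")):
        print(hub_acl, spoke_acl, check_tunnel(HUB, hub_acl, spoke_text, spoke_acl))
```

Two empty lists for a tunnel mean the ACLs on both ends mirror each other; any returned pair is traffic one peer would encrypt that the other side's ACL does not describe.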
02-15-2007 05:54 PM
Gilbert,
Thanks. It's clear.
One more thing about the command "management-access": is it possible to use this command for the remote Spoke1 to send traps back to the Hub site via the VPN tunnel? Based on the command reference, it just lists the following supported features (no SNMP trap):
- SNMP polls to the mgmt_if
- HTTPS requests to the mgmt_if
- PDM access to the mgmt_if
- Telnet access to the mgmt_if
- SSH access to the mgmt_if
- Ping to the mgmt_if
Rgds,
Tony
02-22-2007 11:57 PM
Gilbert,
Any information regarding the snmp trap back to the core via VPN tunnel?
Tony