I was just wondering what would be the best possible solution to configure a Hub/Spoke network topology using Cisco ASAs when the spoke networks have overlapping IP addresses attached to a Dual Hub design for redundancy. The 2nd Hub will be located at a Disaster Recovery site.
Currently the setup has been configured with XLATED IP on both Hub/Spoke addresses to fix the overlapping IP address issue. 2 concurrent VPN tunnels (2 Hubs > Spoke) are connected to achieve some sort of redundancy. This configuration works but I don't think it is very optimised.
Although we have no issue running 2 concurrent tunnels, it would be more efficient to only have 1 active tunnel and 1 as standby for when the active goes down. Which also brings me to my next question: how would we automate it so that we can return traffic to the first hub when it comes back online?
Additionally, another issue is that we would like to send back SMTP emails from a device on the spoke, where only 1 email receiver/sender input is possible. What would be the best way to segregate traffic between the two Hubs to reestablish a VPN connection and send SMTP email to either Hub where only 1 input address is possible?