RTPIT asked:
Cisco ASA/PIX hub and spoke VPN routing

I am wondering if it is possible to route between tunnels in a hub and spoke environment. Can the Remote VPN User in the example below connect to the 5540 and then hit resources behind the 5505 or 5510? Is this as simple as adding the necessary route statement in the 5540, or does the VPN Group Policy get the routing info? Also, I have 12-15 point-to-point tunnels on this ASA 5540; is there a way to limit by group membership on the ASA what resources VPN Users can connect to besides using Windows/AD group membership? This does assume Active Directory DNS is being passed to the Remote VPN User.

Cisco ASA 5505 ---\
                   \ Existing VPN Tunnel
                    \-----------------------------\
                                                   Cisco ASA 5540 <-----------> Remote VPN User
                    /-----------------------------/
                   / Existing VPN Tunnel
Cisco ASA 5510 ---/
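As an added illustration of the configuration the question asks about (not the accepted solution, which is not visible on this page), this shows the three pieces involved on the ASA: hairpinning remote-access traffic back out into a site-to-site tunnel, handing the spoke routes to the client via the split-tunnel list, and restricting what a given user group can reach with a vpn-filter enforced on the ASA itself. The interface name "outside", the ACL/group names, and the 10.0.0.0/24 (hub LAN), 10.1.0.0/24 (5505 LAN), 10.2.0.0/24 (5510 LAN) and 192.168.100.0/24 (VPN pool) subnets are constructed placeholders; NAT exemption is assumed pre-8.3 syntax and omitted.

```text
! --- Hub ASA 5540 (constructed example: subnets, ACL and group names are placeholders) ---
! Remote-user traffic arrives on "outside" and must leave via "outside" again into a
! site-to-site tunnel; the ASA drops such hairpinned traffic unless this is enabled.
same-security-traffic permit intra-interface
!
ip local pool RA_POOL 192.168.100.1-192.168.100.254 mask 255.255.255.0
!
! Site-to-site crypto ACL toward the 5505 spoke. The remote-user pool must be listed
! as a source too, or pool-to-spoke traffic never matches the tunnel. No extra static
! route is needed: the default route sends spoke subnets out "outside", where this ACL
! matches. (Pre-8.3 NAT exemption for pool<->spoke traffic may also be needed; omitted.)
access-list HUB_TO_5505 extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list HUB_TO_5505 extended permit ip 192.168.100.0 255.255.255.0 10.1.0.0 255.255.255.0
crypto map outside_map 10 match address HUB_TO_5505
!
! Split-tunnel list: this is how the VPN client gets its routes. Listing the spoke
! subnets here is what sends 10.1.0.0/24 and 10.2.0.0/24 into the tunnel.
access-list RA_SPLIT standard permit 10.0.0.0 255.255.255.0
access-list RA_SPLIT standard permit 10.1.0.0 255.255.255.0
access-list RA_SPLIT standard permit 10.2.0.0 255.255.255.0
!
! vpn-filter: enforced on the ASA per group policy, independent of AD group membership.
! Written from the client's side: source = assigned pool address, destination = resource.
! This group may reach the hub LAN and the 5505 site only; the 5510 site is denied.
access-list RA_FILTER_5505 extended permit ip 192.168.100.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list RA_FILTER_5505 extended permit ip 192.168.100.0 255.255.255.0 10.1.0.0 255.255.255.0
!
group-policy GP_5505_USERS internal
group-policy GP_5505_USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA_SPLIT
 vpn-filter value RA_FILTER_5505
!
tunnel-group RA_5505_USERS type remote-access
tunnel-group RA_5505_USERS general-attributes
 address-pool RA_POOL
 default-group-policy GP_5505_USERS
!
! --- Spoke ASA 5505: mirror the crypto ACL so the pool is "interesting" traffic here too ---
access-list 5505_TO_HUB extended permit ip 10.1.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list 5505_TO_HUB extended permit ip 10.1.0.0 255.255.255.0 192.168.100.0 255.255.255.0
crypto map outside_map 10 match address 5505_TO_HUB
```

Repeat the group-policy/tunnel-group pair with its own filter ACL for each user population; a vpn-filter ends in an implicit deny, so anything not listed (here the 5510 subnet) is dropped at the hub regardless of what the split-tunnel list advertises.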
ASKER CERTIFIED SOLUTION
batry_boy
This solution is only available to members.
RTPIT (ASKER):
Thanks. Looks like exactly what I want to do. I am in the process of replacing my PIX 525 with a 5540 and as soon as I get this implemented, I will re-post results.