How to enable ASA to forward routing updates?

Unanswered Question
Mar 2nd, 2007


I have ASA between 2 routers. The routers use OSPF. How to get ASA forward the ospf multicast packets in order making these routers neighbor?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Sat, 03/03/2007 - 11:08


If I understand your post correctly you have two routers with each router connected to an ASA. Unless there is something you have not explained that ought to mean that each router interface was in a different subnet. If the routers are in different subnets they can not become OSPF neighbors.

You could probably configure a GRE tunnel between the routers and they could become neighbors over the tunnel. But then they would route their data over the tunnel and that defeats the purpose of having them connected to the ASA - you might just as well remove the ASA and connect the routes directly.

Perhaps if you explain a bit more about your environment and what it is that you are trying to achieve we might find an alternative that works for you.



daviddtran Sat, 03/03/2007 - 14:46

The most practical solution to this is to run

the ASA in "transparent" mode. That way, you

can still inspect the traffics and decide if

they are allow to pass through the firewall.



CCIE Security

Leo_Stobbe Sun, 03/04/2007 - 21:37

Hi, David!

I can't use ASA in "transparent" mode, as i have

VPN configurations on it..Actually i have involved the ASA to routing process.So it is working fine. I just want to know is there any alternate solution without enabling dynamic routing on ASA and leaving it to focus on its primary job(firewalling)?...


This Discussion