05-21-2007 10:17 AM - edited 03-11-2019 03:17 AM
Hi All,
My scenario is as shown below:
R1>>ASA1>>internet>>ASA2>>R2
I have established the IPsec tunnel between the two ASAs. Now, when I run OSPF on both these ASAs, they do not become neighbors. As per the Cisco doc, ASA allows OSPF unicast to work over the IPsec tunnel.
Kindly advise me on this.
Waiting for reply.
thanks
kirti.
05-21-2007 10:20 AM
What does the interface configuration of the ASAs look like and what does your OSPF config on the routers look like?
05-21-2007 10:32 AM
The configs are as follows:
on R1
router ospf 10
net 10.1.1.1 0.0.0.0 a 0 (loopback IP)
net 1.1.1.1 0.0.0.0 a 0
---------
on the ASA1 outside interface e0/1 the config is:
int e0/1
nameif outside
sec 0
ip add 2.1.1.2 255.255.255.0
ospf net point-to-point non-broadcast
router ospf 10
net 1.1.1.2 255.255.255.255 a 0
net 2.1.1.2 255.255.255.255 a 0
net 3.1.1.0 255.255.255.0 a 0
neigh 3.1.1.2 int outside (this is the outside IP of the ASA2)
---------
config on ASA 2
int e0/1
nameif outside
sec 0
ip add 3.1.1.2 255.255.255.0
ospf net point-to-point non-broadcast
router ospf 10
net 3.1.1.2 255.255.255.255 a 0
net 4.1.1.2 255.255.255.255 a 0
net 2.1.1.0 255.255.255.0 a 0
neigh 2.1.1.2 int outside (this is the outside IP of ASA1)
----------
on R2
router ospf 10
net 20.1.1.1 0.0.0.0 a 0 (loopback IP)
net 4.1.1.1 0.0.0.0 a 0
thanks
kirti.
05-21-2007 10:36 AM
One more question, are R1 and R2 supposed to be able to talk OSPF or only ASA1 and ASA2?
05-21-2007 10:40 AM
I have enabled OSPF on R1 and R2 so that the respective loopbacks on these routers are advertised, and thus I can send traffic from one loopback to another over the IPsec tunnel.
Hence I am running OSPF on the routers as well as the ASAs.
thanks
kirti.
05-21-2007 11:00 AM
I see your loopback, but I don't see the interface you share with the firewall on the inside.
In order to get this OSPF traffic across the tunnel you need your router to be connected to the firewall on the inside interface in some sort of fashion.
05-22-2007 04:12 AM
Hi, I am already running OSPF between the ASA inside and the inside router, and the loopback is on the inside router. On the ASA I am receiving the loopback route via OSPF.
The problem is the OSPF running on the outside of the ASA. I am not able to establish OSPF neighbourship between the 2 ASA outside.
The IPsec tunnel is up and running.
regards
kirti
05-22-2007 04:55 AM
Also, just FYI, I am configuring as per this doc: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804acfea.shtml
thanks
kirti
05-23-2007 08:19 AM
Can somebody please help me with this issue?
Waiting for reply.
thanks
kirti.
05-26-2007 06:36 AM
Has anybody been able to implement OSPF over an IPsec VPN tunnel?
Please let me know the configuration.
regards
kirti.