ASA VPN with OSPF over private LAN

Oct 19th, 2007

I am trying to get a site-to-site IPSec VPN working over a corporate LAN. It works fine but for redundancy, I am trying to get OSPF working. I am using RRI on F1 to the R4 network into OSPF. The problem is that F1 announces that the next hop to R4 is R2 so R2 will not accept the route. How can I fix this?

mmacdonald70 Sat, 10/20/2007 - 03:57

Thank you for the help.

I did consider this as an option but I wanted to see if there was another way that wouldn't risk bringing down more than the VPN.

In this scenario, R1 and R4 are area 10 routers and F1 is an ABR between area 0 and 10 (F2 is only area 10 and should only be able to route over the vpn). Will it work to define F2 and R2 as peers (different areas) on the same interface?

dciccaro Mon, 10/22/2007 - 07:34
User Badges: Cisco Employee

If the areas don't match, they won't bring up an adjacency - period.

In all honesty, I cannot commit to anything - but I'll see if I can take a look during this week. It looks interesting - but as said, not sure I will have the time to repro.

mmacdonald70 Mon, 10/22/2007 - 08:57

If you get the time, that would be great. I tried to mock it up in the lab today and I ran into a bit of a hurdle. It seems that the ASA doesn't support point-to-multipoint OSPF. In order to make this work, I figure that I will need to set the directly connected router and the other ASA as peers.

