
ASA VPN with OSPF over private LAN

mmacdonald70
Level 1

I am trying to get a site-to-site IPSec VPN working over a corporate LAN. It works fine but for redundancy, I am trying to get OSPF working. I am using RRI on F1 to the R4 network into OSPF. The problem is that F1 announces that the next hop to R4 is R2 so R2 will not accept the route. How can I fix this?


dciccaro
Cisco Employee

Hm. Have you tried defining the interface facing the VPN peer as p2p non-broadcast, manually defining the neighbor, and getting rid of RRI?

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ip.html#wp1056026

Thank you for the help.

I did consider this as an option but I wanted to see if there was another way that wouldn't risk bringing down more than the VPN.

In this scenario, R1 and R4 are area 10 routers and F1 is an ABR between area 0 and 10 (F2 is only area 10 and should only be able to route over the vpn). Will it work to define F2 and R2 as peers (different areas) on the same interface?

If the areas don't match, they won't bring up an adjacency - period.

In all honesty, I cannot commit to anything - but I'll see if I can take a look during this week. It looks interesting - but as said, not sure I will have the time to repro.

If you get the time, that would be great. I tried to mock it up in the lab today and I ran into a bit of a hurdle. It seems that the ASA doesn't support point-to-multipoint OSPF. In order to make this work, I figure that I will need to set the directly connected router and the other ASA as peers.
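The approach suggested in the first reply (point-to-point non-broadcast interface plus a static neighbor, no RRI), sketched for the F1 side as an added example that is not configuration posted by anyone in this thread. All addresses, the interface name `outside`, the ACL name `S2S-F2`, the OSPF process ID and the area placement are constructed assumptions; the existing crypto map, transform set and tunnel-group are assumed to be in place and are not shown.

```text
! F1 (ASA), constructed values:
!   F1 outside = 198.51.100.1, F2 outside = 203.0.113.2
!   LAN next hop toward F2 = 198.51.100.254
!   local protected net 10.1.0.0/16, remote protected net 10.4.0.0/16

interface GigabitEthernet0/0
 nameif outside
 ip address 198.51.100.1 255.255.255.0
 ! Hellos are sent as unicast to the configured neighbor, not to 224.0.0.5.
 ! Only ONE neighbor can be defined on an interface in this mode, so F1
 ! cannot also hold an adjacency with a LAN router on this interface.
 ospf network point-to-point non-broadcast
!
! The crypto ACL already referenced by the site-to-site crypto map must also
! match the unicast OSPF packets between the two ASAs, so that routing
! updates are carried inside the tunnel rather than in clear over the LAN.
access-list S2S-F2 extended permit ospf host 198.51.100.1 host 203.0.113.2
access-list S2S-F2 extended permit ip 10.1.0.0 255.255.0.0 10.4.0.0 255.255.0.0
!
! Static host route to the crypto endpoint; the neighbor is not on a
! directly connected subnet, so OSPF needs this to reach it.
route outside 203.0.113.2 255.255.255.255 198.51.100.254
!
router ospf 1
 ! ASA network statements take a subnet mask, not a wildcard mask.
 network 198.51.100.1 255.255.255.255 area 10
 network 10.1.0.0 255.255.0.0 area 10
 ! Apply the crypto map to the interface before defining the neighbor.
 neighbor 203.0.113.2 interface outside
```

F2 needs the mirror image of this configuration, and `show ospf neighbor` on either ASA should show the peer in FULL state once the tunnel is up.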
