RemoteAccess IP's not propagating in OSPF

Unanswered Question
Apr 28th, 2008
User Badges:

Hi,


I have a VPN-only setup with ASA5520s running Active/Standby failover. On the inside interface I have an OSPF setup with the ASA (both area 0). The ASA learns routes from the router. However, the router doesn't learn any routes from the ASA for RA clients. I've configured a pool of IPs which appear in the ASA routing table to come from the external interface and are /32s but those routes don't seem to propagate via OSPF to the inside router. I did try to redistribute the static into ospf on the ASA but to no avail.


Is there anything special I need to do to get these routes to propagate via OSPF?


Casey

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
mchin345 Mon, 05/05/2008 - 05:43
User Badges:
  • Silver, 250 points or more

Post the running config of your device.

JORGE RODRIGUEZ Mon, 05/05/2008 - 07:57
User Badges:
  • Green, 3000 points or more

I can think of vpn pool network advertizement in asa ospf process, asa ospf does not know about vpn pool network unless you tell it to advertize it. Advertize the vpn network in your ospf process asa inside interface, can you try that please.


e.i, assume vpn pool network is 10.20.20.0/24


router ospf

log-adj-changes

area

network 10.20.20.0 255.255.255.0 area



srue Mon, 05/05/2008 - 09:08
User Badges:
  • Blue, 1500 points or more

is RRI enabled on your dynamic crypto map?

crypto dynamic-map DYNAMIC 10 set reverse-route


and make sure to redistribute static routes into ospf.

Actions

This Discussion