EIGRP on Outside ASA interface

Unanswered Question
May 15th, 2008

Is it possible to create a neighbor relationship between an ASA and a router on the external interface? I would like to have the ASA receive the default route from our external DS3 router so that I can reroute to our secondary provider should an outage occur.

I worked on this last night for a couple of hours with no luck and can't find any documentation showing the solution. I went as far as statically configuring neighbor relationships, allowing eigrp on the ACL attached to the Outside interface etc and had no luck. The ASA does not appear to send any EIGRP traffic out the external interface. Any suggestions? Anyone done this?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
smahbub Wed, 05/21/2008 - 06:10

EIGRP hello packets are sent as multicast packets. If an EIGRP neighbor is located across a nonbroadcast network, such as a tunnel, you must manually define that neighbor. When you manually define an EIGRP neighbor, hello packets are sent to that neighbor as unicast messages.

Refer the following url for Configuring EIGRP on the Cisco Adaptive Security Appliance (ASA):

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008086ebd2.shtml

Refer the following url for more information on EIGRP neighbor configuration:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ip.html#wp1102147

scottcraig Wed, 05/21/2008 - 10:24

Thanks for your reply. Unfortunately, like I stated in the original post I have already tried manually configuring the neighbor relationship and it is not working. Do you know for certain it will work? Do the minor revs of v8 make a difference? I am currently on 8.02.

Thanks,

Scott

srue Wed, 05/21/2008 - 10:25

that shouldn't make a difference.

can you post the config you were trying to use on each device involved?

scottcraig Wed, 05/21/2008 - 10:51

What pieces would you like to see? It is a fairly sizable production environment. Assume that I am very competent and experienced and simple mistakes won't be made. The main thing I am trying find out is whether or not anyone has actually seen it work and if so, were there any special things that needed to get done to make it work properly. Internally, EIGRP is working well. The network statements are correct as are the neighbor statements.

Actions

This Discussion