ASA 5510 with routing into MPLS

Unanswered Question
Aug 15th, 2008

Hi All,

Not sure if this is right here, but I have a 5510 which is doing an l2l VPN tunnel and it is the default gateway for the LAN.

Now, we have added 2 MPLS routers with the inside interfaces into the LAN network.

They are configured in HSRP mode, and I would need to route the traffic into the FW to go through the virtual of the routers, but at the same time I need the existing VPN tunnel to be a backup connection in case something fails with the MPLS.

Is ASA capable of this, has anyone done this before?

Thanks

Giuseppe Larosa Fri, 08/15/2008 - 09:55

Hello Vlad,

I think it would be much better to have a dynamic routing protocol between ASA and the two routers to be able to detect double failure.

HSRP will not help: if the routers are connected via LAN switches, after they both fail the ASA will try to send traffic to the VIP's MAC until its ARP entry fails.

Use OSPF instead and use a floating static route with AD 200 (a final 200 at the end in IOS) to use the tunnel when both routers have failed or lost their MPLS connection.

(the last will need some work on the routers but it is possible)

Hope to help

Giuseppe
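
The ASA side of the design suggested in the reply above, as an added configuration example (not posted by either participant). All addresses are constructed assumptions: LAN 192.168.10.0/24 with the ASA and both MPLS routers on it, remote site 10.20.0.0/16 reachable over MPLS and over the L2L tunnel, and 203.0.113.1 as the ASA's outside next hop.

```cisco
! --- Constructed addressing (assumptions, not from the thread) ---
!   inside LAN      : 192.168.10.0/24 (ASA and both MPLS routers)
!   remote site     : 10.20.0.0/16
!   outside next hop: 203.0.113.1
!
! OSPF adjacency with both MPLS routers on the inside segment.
! The ASA "network" statement takes a netmask, not a wildcard mask.
router ospf 1
 network 192.168.10.0 255.255.255.0 area 0
 log-adj-changes
!
! Floating static for the remote site via the outside interface, where
! the existing crypto map picks the traffic up for the L2L tunnel.
! Distance 200 loses to the OSPF-learned route (distance 110), so this
! route is installed only after OSPF withdraws the MPLS path.
route outside 10.20.0.0 255.255.0.0 203.0.113.1 200
!
! LAN hosts use the ASA as default gateway, so MPLS-bound traffic enters
! and leaves on the inside interface; the ASA drops that by default.
same-security-traffic permit intra-interface
!
! Checks after a failover test:
!   show ospf neighbor          (both routers FULL in normal operation)
!   show route                  (10.20.0.0 marked O normally, S on backup)
```

The static route takes over only if the routers stop advertising 10.20.0.0/16 when their MPLS uplink fails, which is the router-side work the reply refers to.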
