ASA with RA VPN / OSPF / RRI and DHCP

Unanswered Question
Nov 19th, 2008

Hello,

I'm using an ASA5520 (version 7.2(3)) with Remote Access VPN. Client routes are installed in the routing table with Reverse Route Injection and then redistributed with OSPF. A summary route is used to advertise all clients' IP addresses. This prevents changes to the routing tables whenever clients log in or out.

RA VPN clients receive their IP addresses from a DHCP server. However, when there are no more VPN connections, the summary route is also dropped. The internal network does not have a route back to the firewall for the DHCP servers' replies. The VPN connection is denied because the firewall cannot assign an IP address to the client.

In short, is it possible to force the firewall to advertise the summary route?

I would prefer not to use a local IP pool.

Kind regards,

Siebe

srue Wed, 11/19/2008 - 08:32

Try putting in a static route to the DHCP pool that points to the inside interface IP of the ASA.

I've never tried it, so I don't know if it will work.
