ASA with RA VPN / OSPF / RRI and DHCP

Siebe Brouwer
Level 1

Hello,

I'm using an ASA5520 (version 7.2(3)) with Remote Access VPN. Client routes are installed in the routing table with Reverse Route Injection and then redistributed with OSPF. A summary route is used to advertise all clients' IP addresses. This prevents changes to the routing tables whenever clients log in or out.

RA VPN clients receive their IP addresses from a DHCP server. However, when there are no more VPN connections, the summary route is also dropped. The internal network does not have a route back to the firewall for the DHCP servers' replies. The VPN connection is denied because the firewall cannot assign an IP address to the client.

In short, is it possible to force the firewall to advertise the summary route?

I would prefer not to use a local IP pool.

Kind regards,

Siebe

1 Reply

srue
Level 7

Try putting in a static route to the DHCP pool that points to the inside interface IP of the ASA.

I've never tried it, so I don't know if it will work.
