03-23-2009 08:34 AM - edited 03-04-2019 04:03 AM
We are moving from an all static route environment to OSPF. Currently we tell each remote router that the route for outside VPN is found on our ASA at each site. ip route x.x.x.x 255.255.255.0 10.x.x.x
How do I code the same thing in router using OSPF so that all the other routers know where that VPN tunnel is to outside world on our ASA?
Thanks for help
Solved! Go to Solution.
03-23-2009 10:00 AM
Hello Joseph,
ASA supports OSPF (this can be version dependent)
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ip.html
By the way your suggestions are reasonable
Hope to help
Giuseppe
03-23-2009 12:52 PM
If the ASA supports running OSPF, it might be as simple as "covering" the interfaces of interest with a OSPF network statement within the OSPF config (much as you would do on a router).
(I haven't worked with an ASA, but glancing at the reference Giuseppe provided, it might be as simple as I just described. [If not, someone please correct.])
03-23-2009 08:54 AM
Jon:
This question really speaks to what you are doing on your network in general.
What is the topology? Hub and spoke?
What are the remote users trying to access, the corporate network or the Internet?
How are you planning on implementing OSPF?
03-23-2009 10:04 AM
We are a router on a stick right now. But the attachment that I provided shows how we want it to look in the future. Router A (our router) will connect to Router B (the co-located vendor router).
Every site has that same topology. The VPN is for people to access the corporate network.
How will we implement OSPF? Good question. As you can see our router connectivity is very simple. There will be one connection to the LAN and one connection to the vendor router.
Anything fancy that we will need to do via OSPF the vendor will dictate. I just need to understand how to advertise the VPN tunnel to the rest of the network.
03-23-2009 09:46 AM
Assuming the ASA can't run OSPF, on any OSPF router that's connected to it, you might use a static route (probably much as you do now) that you also redistribute into OSFP. Other OSPF routers will then see the route information within OSPF.
Another method might be to configure a GRE tunnel through the ASA and run OSPF on the tunnel interface. Then both sides of the tunnel can know all the routes on the other side of the tunnel.
03-23-2009 10:00 AM
Hello Joseph,
ASA supports OSPF (this can be version dependent)
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ip.html
By the way your suggestions are reasonable
Hope to help
Giuseppe
03-23-2009 10:46 AM
Joseph
Thanks for the response. If I understand you correctly I need to code the following on the ASA:
router ospf 1
and then the redistribute parameter?
I am looking at the link that Giuseppe
sent and that seems to be what is needed?
03-23-2009 12:52 PM
If the ASA supports running OSPF, it might be as simple as "covering" the interfaces of interest with a OSPF network statement within the OSPF config (much as you would do on a router).
(I haven't worked with an ASA, but glancing at the reference Giuseppe provided, it might be as simple as I just described. [If not, someone please correct.])
03-24-2009 10:57 AM
Thanks for the help from all of you. It was just a matter, as you indicated, of adding a few OSPF statements to the ASA.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide