Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

advertise VPN subnet with RIP

I would like to advertise the subnet I use for IPSec VPN clients via RIP to my inside network.  I am running ASA 8.4 code.  I have enabled RIP V2 and made sure the interface connected to the inside network is not configured as passive.  I added the subnet of the inside interface to the networks list and I don't have any authentication configured either.  Routers on the inside network are not receiving the VPN subnet via RIP.  What else do I need to do?  Do I need to configure a route-map with the VPN subnet?  Does reverse-route on the VPN cryptomap have anything to do with this?

Thanks,

Diego

  • Firewalling
Everyone's tags (4)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

advertise VPN subnet with RIP

You would need to add the reverse-route statement on that particular vpn peer, as well as "redistribute static" on your RIP process.

Cisco Employee

advertise VPN subnet with RIP

If you just have a specific permit statement, you don't have to configure the deny any any, and it's "distribute-list".

Here is the complete commands:

access-list 10 permit 192.168.1.0

router rip

  distribute-list 10 out

You've got most of it correct

4 REPLIES
Cisco Employee

advertise VPN subnet with RIP

You would need to add the reverse-route statement on that particular vpn peer, as well as "redistribute static" on your RIP process.

New Member

advertise VPN subnet with RIP

That worked great!  Thank you.  One more thing.  Just to be on the safe side I would like to limit RIP advertisements to the VPN subnet only.  I am thinking something like this:

access-list 10 permit 192.168.1.0

access-list 10 deny any any

router rip

distribute list 10 out

How would I do that with ASA 8.4 code?

Thanks again,

Diego

Cisco Employee

advertise VPN subnet with RIP

If you just have a specific permit statement, you don't have to configure the deny any any, and it's "distribute-list".

Here is the complete commands:

access-list 10 permit 192.168.1.0

router rip

  distribute-list 10 out

You've got most of it correct

New Member

advertise VPN subnet with RIP

Worked great.  Thanks,

427
Views
0
Helpful
4
Replies
This widget could not be displayed.