If there is, is there any reason for it ie. does the ASA actually need to participate in EIGRP or would this summary static route handle all the internal networks. If it did then the only other reason i could see for the ASA participating in EIGRP would be to advertise it's DMZ subnets back to your internal routers. Is this what is happening ?
Yes there are a number of static inside routes that cover all of the internal LAN. I was able to SSH into the ASA, this
was my first involvement with these firewalls, I found that not only is the EIGRP participating with the internal LAN EIGRP
but there is also a redistribute static statement. Which I suspect is the cause of this issue. My conundrum is why did
these duplicate routes appear only after the ASA bounced. They had not been there prior to the bounce.
See attached for routing table and EIGRP config and statics.
There is no attachement
That aside, i think a more relevant question is why did they only turn up after the ASA had been bounced ie. if you have a redistribute static on the ASA and it has formed a neighborship with an internal LAN router they should have been there already.
Note also that they are not duplicate routes, if they were i suspect the ASA routes would not show up. The ASA is sending a summarised route entry and although this includes the internal subnets it is considered a different route because it has a different prefix length so it too will be installed in the internal routers routing table.
So, as i say, it's more a mystery of why they weren't there in the first place.
It's difficult to say without the full topology but if the ASA is only peering with the internal network and not to anything on the outside then i'm not sure why you have that static statement on the ASA ie. either peer with an internal router and exchange routes or use a static route on the ASA but not both. But like i say without knowing the full topology it's not possible to recommend one or the other.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...