Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
813
Views
0
Helpful
2
Replies

ASA/routing: inject route from NAT

teknet7
Level 1
Level 1

‎03-21-2012 01:55 AM - edited ‎03-11-2019 03:44 PM

Hello

ASA8.2 and ASA8.4, first one use classic nat, second ASA twice NAT.

I need to incject into ospf global outside adresses which are from NAT pools or static outside addresses.

On IOS when defining NAT pool i could add it to routing table.

How can i make something similar in ASA ?

I know i could add static routing for all of those pools/static outside addresses - and then redistribute it to ospf, but's

not nice solution, and it's prone for errors (it's easy to forgot to add static routing after adding nat rule)

Thanx

Labels:
0 Helpful
2 Replies 2

tahequivoice
Level 2
Level 2

‎03-21-2012 07:15 AM

use the Crypto reverse-route command.

crypto dynamic-map EZVPN 200 set reverse-route

or

crypto map VPN 10 set reverse-route

This will add the static route for the VPN networks to the ASA routing table and if you run a routing protocol on the ASA it will then add those routes. 

But keep in mind, an ASA is not a router, so it has very limited routing abilities.

0 Helpful

teknet7
Level 1
Level 1
In response to tahequivoice

‎03-21-2012 08:29 AM

I do not have any VPNs on this ASA, reverse-route is just for VPNs

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card