I am trying to get a site-to-site IPSec VPN working over a corporate LAN. It works fine, but for redundancy I am trying to get OSPF working. I am using RRI on F1 to the R4 network into OSPF. The problem is that F1 announces that the next hop to R4 is R2, so R2 will not accept the route. How can I fix this?
I did consider this as an option, but I wanted to see if there was another way that wouldn't risk bringing down more than the VPN.
In this scenario, R1 and R4 are area 10 routers and F1 is an ABR between area 0 and 10 (F2 is only area 10 and should only be able to route over the VPN). Will it work to define F2 and R2 as peers (different areas) on the same interface?
If you get the time, that would be great. I tried to mock it up in the lab today and I ran into a bit of a hurdle. It seems that the ASA doesn't support point-to-multipoint OSPF. In order to make this work, I figure that I will need to set the directly connected router and the other ASA as peers.