Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA VPN with ospf over private Lan

I am trying to get a site-to-site IPSec VPN working over a corporate LAN. It works fine but for redundancy, I am trying to get OSPF working. I am using RRI on F1 to the R4 network into OSPF. The problem is that F1 announces that the next hop to R4 is R2 so R2 will not accept the route. How can I fix this?

4 REPLIES
Cisco Employee

Re: ASA VPN with ospf over private Lan

Hm. Have you tried defining the interface facing the VPN peer as p2p non-broadcast, manually define the neighbor, and get rid of RRI ?

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ip.html#wp1056026

New Member

Re: ASA VPN with ospf over private Lan

Thank you for the help.

I did concider this as an option but I wanted to see it there was another way that wouldn't risk bringing down more than the VPN.

In this scenario, R1 and R4 are area 10 routers and F1 is an ABR between area 0 and 10 (F2 is only area 10 and should only be able to route over the vpn). Will it work to define F2 and R2 as peers (different areas) on the same interface?

Cisco Employee

Re: ASA VPN with ospf over private Lan

If the areas don't match, they won't bring up an adjacency - period.

I all honesty, I cannot commit to anything - but I'll see if I can take a look during this week. It looks interesting - but as said, not sure I will have the time to repro.

New Member

Re: ASA VPN with ospf over private Lan

If you get the time, that would be great. I tried to mock it up in the lab today and I ran into a bit of a hurdle. It seems that the ASA doesn't support point-to-multipoint OSPF. In order to make this work, I figure that I will need to set the directly connected router and the other ASA as peers.

231
Views
0
Helpful
4
Replies