Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco ASA - BGP or OSPF support on Multicontext Firewall?

Hello Forum,

I would like to know why is the limitation of Cisco ASA in multicontext mode that it is not able to run routing protocols like OSPF, BGP?

if I see SRX firewall, you can cut that virtually and can configure BGP, OSPF routing instances with virtual firewall.

is there any possibility in ASA product to run OSPF, BGP in multicontext mode?

comments are welcome...

Thanks

Dave

  • Firewalling
7 REPLIES
New Member

Cisco ASA - BGP or OSPF support on Multicontext Firewall?

Hello Jigar Dave,

ASA does support routing protocols on version 9.0 or above. At least OSPFv2 and EIGRP

Reference:

http://www.cisco.com/en/US/docs/security/asa/asa90/release/notes/asarn90.html

Look under Multiple Context Mode Features.

Unfortunately BGP is not supported by the ASA at all, not even on single context.

Hope this helps!

-Eddy Duran

New Member

Cisco ASA - BGP or OSPF support on Multicontext Firewall?

Hi Eddy,

I know routing protocols are not supported in multicontext mode in ASA.

even BGP is not supported at all.

but I would like to know that "why"?

if as customer, one need to buy a firewall that supports various departments of an organization, SRX is giving that facility to differentiate depts. by OSPF/BGP area. but in ASA it is not possible.

looking for an interesting discussion on this topic.

Dave

Bronze

I heard buzz a few months ago

I heard buzz a few months ago that BGP support is on the feature map for the ASA.  I would assume this is software version 10.X running on the next-gen family (5515x, etc).  

BGP support would be very useful for not only load-balancing between multiple ISPs, but also load balancing across multiple VPN tunnels.  The Palo Alto firewalls do this very well and I'm thinking that's what finally put the pressure on Cisco to have a comparable product.

Bronze

BGP now supported in ASA

BGP now supported in ASA version 9.2.1 :)

http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/release/notes/asarn92.html


9.2.1 is currently only offered on the next-gen platforms (5512-x, 5515-x, 5525-x, 5545-x, 5555-x, 5585-x)

VIP Green

To answer your question,

To answer your question, Cisco wants its customers (or at least used to want its customers) to use the ASA as a firewall and not a router.  So you would have one device that is your firewall and one device that is your router.  I suppose they started to realize that customers are looking for an all in one device, so they started adding routing features to the ASA, and firewall features to the routers, yet the firewall still doesn't have all the routing capabilities of a router and the router doesn't have all the firewalling capabilities of the ASA.

You can speculate that this is a marketing ploy so you are required to purchase more devices, or you could look at it in such a way that it is best practice to seperate all functionality in the instance that a device does get hacked.

--

Please remember to select a correct answer and rate

-- Please remember to rate and select a correct answer
Hall of Fame Super Silver

BGP support was introduced on

BGP support was introduced on ASA software 9.2, released just last week.

I would tend to agree with Marius on the advisability of routing with an ASA (or "firewalling" with a router).

Just because you CAN, doesn't mean you SHOULD.

VIP Green

Just to add documentation to

Just to add documentation to what Marvin mentioned about BGP in 9.2 version:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/release/notes/asarn92.html#pgfId-586890

--

Please remember to select a correct answer and rate helpful posts

-- Please remember to rate and select a correct answer
1536
Views
0
Helpful
7
Replies
This widget could not be displayed.