New Member

unable to run ospf between two ASA's running l2l ipsec tunnel.

Hi All,

my scenario is as shown below :

R1>>ASA1>>internet>>ASA2>>R2

i have established the ipsec tunnel between the two ASA's. now, when i run ospf on both these ASA's ,they do not become neighbors. as per the cisco doc ASA allows OSPF unicast to work over the IPSEC tunnel.

kindly advise me on this.

waiting for reply.

thanks

kirti.

9 REPLIES
New Member

Re: unable to run ospf between two ASA's running l2l ipsec tunne

What does the interface configuration of the ASAs look like and what does your OSPF config on the routers look like?

New Member

Re: unable to run ospf between two ASA's running l2l ipsec tunne

the configs are as follows

on R1

router ospf 10
 net 10.1.1.1 0.0.0.0 a 0 (loopback IP)
 net 1.1.1.1 0.0.0.0 a 0

---------

on the ASA1 outside interface e0/1 the config is:

int e0/1
 nameif outside
 sec 0
 ip add 2.1.1.2 255.255.255.0
 ospf net point-to-point non-broadcast

router ospf 10
 net 1.1.1.2 255.255.255.255 a 0
 net 2.1.1.2 255.255.255.255 a 0
 net 3.1.1.0 255.255.255.0 a 0
 neigh 3.1.1.2 int outside (this is the outside IP of the ASA2)

---------

config on ASA 2

int e0/1
 nameif outside
 sec 0
 ip add 3.1.1.2 255.255.255.0
 ospf net point-to-point non-broadcast

router ospf 10
 net 3.1.1.2 255.255.255.255 a 0
 net 4.1.1.2 255.255.255.255 a 0
 net 2.1.1.0 255.255.255.0 a 0
 neigh 2.1.1.2 int outside (this is the outside IP of ASA1)

----------

on R2

router ospf 10
 net 20.1.1.1 0.0.0.0 a 0 (loopback IP)
 net 4.1.1.1 0.0.0.0 a 0

thanks

kirti.
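An added example, not from the thread and not Cisco's own tooling: a small Python checker that parses the two ASA snippets posted above and applies the conditions a point-to-point non-broadcast OSPF adjacency needs before it can form. The inside interfaces and their /24 masks in the sample configs are assumptions (the post only shows the outside side), and the abbreviated commands are expanded to their full ASA form. The checks are: the interface network type is point-to-point non-broadcast, a network statement covers the local interface IP, a neighbor statement names the peer's actual outside address, and both ends put the link in the same area. It also flags, as informational, network statements that match no local interface, which is what the 3.1.1.0/24 line on ASA1 and the 2.1.1.0/24 line on ASA2 are.

```python
"""Consistency checks for an OSPF point-to-point non-broadcast peering between two ASAs."""
import ipaddress
import re

# Constructed samples based on the values posted in the thread (abbreviations expanded).
# The inside interfaces and their /24 masks are assumptions; the thread does not show them.
ASA1_CONFIG = """
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 1.1.1.2 255.255.255.0
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 2.1.1.2 255.255.255.0
 ospf network point-to-point non-broadcast
router ospf 10
 network 1.1.1.2 255.255.255.255 area 0
 network 2.1.1.2 255.255.255.255 area 0
 network 3.1.1.0 255.255.255.0 area 0
 neighbor 3.1.1.2 interface outside
"""

ASA2_CONFIG = """
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 4.1.1.2 255.255.255.0
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 3.1.1.2 255.255.255.0
 ospf network point-to-point non-broadcast
router ospf 10
 network 3.1.1.2 255.255.255.255 area 0
 network 4.1.1.2 255.255.255.255 area 0
 network 2.1.1.0 255.255.255.0 area 0
 neighbor 2.1.1.2 interface outside
"""


def parse_asa(text):
    """Extract interfaces, OSPF network statements and static neighbors from ASA config text."""
    cfg = {"interfaces": [], "networks": [], "neighbors": [], "process": None}
    current_if = None   # interface block currently being read
    in_router = False   # inside a 'router ospf' block
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("interface "):
            current_if = {"name": line.split()[1], "nameif": None, "ip": None, "ospf_net": None}
            cfg["interfaces"].append(current_if)
            in_router = False
            continue
        if line.startswith("router ospf "):
            cfg["process"] = int(line.split()[2])
            current_if, in_router = None, True
            continue
        if current_if is not None:
            if line.startswith("nameif "):
                current_if["nameif"] = line.split()[1]
            elif (m := re.match(r"ip address (\S+) (\S+)$", line)):
                # ASA writes dotted masks; ipaddress accepts "addr/dotted-mask" directly
                current_if["ip"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
            elif (m := re.match(r"ospf network (.+)$", line)):
                current_if["ospf_net"] = m[1].strip()
        elif in_router:
            if (m := re.match(r"network (\S+) (\S+) area (\S+)$", line)):
                cfg["networks"].append((ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False), m[3]))
            elif (m := re.match(r"neighbor (\S+) interface (\S+)$", line)):
                cfg["neighbors"].append((ipaddress.ip_address(m[1]), m[2]))
    return cfg


def _iface(cfg, nameif):
    return next((i for i in cfg["interfaces"] if i["nameif"] == nameif), None)


def check_peering(local, remote, ifname="outside"):
    """Findings for the local ASA's side of the adjacency. Entries starting with 'info:' are
    harmless; anything else would stop the neighbor relationship from forming."""
    findings = []
    lif, rif = _iface(local, ifname), _iface(remote, ifname)
    if lif is None or lif["ip"] is None or rif is None or rif["ip"] is None:
        return [f"{ifname} interface missing or without an IP on one side"]
    # Non-broadcast network type only works with statically configured neighbors.
    if lif["ospf_net"] != "point-to-point non-broadcast":
        findings.append(f"{ifname}: ospf network type is {lif['ospf_net']!r}, not point-to-point non-broadcast")
    # OSPF runs on an interface only if a network statement covers the interface IP.
    local_areas = {area for net, area in local["networks"] if lif["ip"].ip in net}
    if not local_areas:
        findings.append(f"{ifname} IP {lif['ip'].ip} is not covered by any network statement")
    # The static neighbor must be the peer's real address on that interface.
    configured = {ip for ip, i in local["neighbors"] if i == ifname}
    if rif["ip"].ip not in configured:
        findings.append(f"no 'neighbor {rif['ip'].ip} interface {ifname}' statement "
                        f"(configured: {sorted(map(str, configured))})")
    # Both ends must place the link in the same area.
    remote_areas = {area for net, area in remote["networks"] if rif["ip"].ip in net}
    if local_areas and remote_areas and local_areas != remote_areas:
        findings.append(f"area mismatch: local {sorted(local_areas)} vs remote {sorted(remote_areas)}")
    # A network statement matching no local interface enables nothing on an ASA; flag it.
    for net, area in local["networks"]:
        if not any(i["ip"] is not None and i["ip"].ip in net for i in local["interfaces"]):
            findings.append(f"info: network {net} area {area} matches no local interface")
    return findings


def run_checks(asa1_text=ASA1_CONFIG, asa2_text=ASA2_CONFIG):
    """Check both directions of the peering and return findings per ASA."""
    a1, a2 = parse_asa(asa1_text), parse_asa(asa2_text)
    return {"ASA1": check_peering(a1, a2), "ASA2": check_peering(a2, a1)}


if __name__ == "__main__":
    for name, items in run_checks().items():
        print(name, "->", items or ["ok"])
```

On the posted values the checker reports only the two informational items, so the OSPF statements themselves are consistent; the remaining thing to verify on the boxes is that the unicast OSPF packets between 2.1.1.2 and 3.1.1.2 are actually carried through the tunnel rather than dropped before it.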

New Member

Re: unable to run ospf between two ASA's running l2l ipsec tunne

One more question, are R1 and R2 supposed to be able to talk OSPF or only ASA1 and ASA2?

New Member

Re: unable to run ospf between two ASA's running l2l ipsec tunne

i have enabled ospf on R1 and R2, so that the respective loopbacks on these routers are advertised; and thus i can send traffic from one loopback to another over the IPSEC tunnel.

hence i am running ospf on routers as well as asa.

thanks

kirti.

New Member

Re: unable to run ospf between two ASA's running l2l ipsec tunne

I see your loopback, but I don't see the interface you share with firewall on the inside.

In order to get this OSPF traffic across the tunnel you need your router to be connected to the firewall on the inside interface in some sort of fashion.

New Member

Re: unable to run ospf between two ASA's running l2l ipsec tunne

hi i am already running ospf between the asa inside and the inside router and the loopback is on the inside router. on the asa i am receiving the loopback route via ospf.

the problem is the ospf running on the outside of the asa. i am not able to establish ospf neighbourship between the 2 asa outside interfaces.

the ipsec tunnel is up and running.

regards

kirti

New Member

Re: unable to run ospf between two ASA's running l2l ipsec tunne

New Member

Re: unable to run ospf between two ASA's running l2l ipsec tunne

can somebody please help me with this issue.

waiting for reply.

thanks

kirti.

New Member

Re: unable to run ospf between two ASA's running l2l ipsec tunne

has anybody been able to implement ospf over ipsec vpn tunnel ?

please let me know the configuration.

regards

kirti.
