We are about to configure NAT on a Client's ASA Firewalls and we need some examples on how to go about configuring OSPF for the external (outside) interface that will advertise NATed addresses (or NAT Pools) and how to configure OSPF for internal networks (only with private addresses).
Assume a simple example where A is an internal Router with Private Networks and RouterG is an outside public Router with BGP that advertises a default route to the ASA. The ASA translates private addresses to public addresses using NAT/Global.
I'm assuming you want to advertise out the NAT pool so that remote devices know how to route to it? Therefore I'm assuming also that this is not just standard ISP public addressing, because if it is, the ISP will take care of advertising the addressing and routing it to you.
With a router you could just create a loopback and run OSPF on that, but the ASA doesn't support loopbacks, so the best thing to do is:
1) create a static route for the NAT pool
2) redistribute this static route into OSPF
As for the internal OSPF, just set it up as you would normally - here is a link to OSPF config on the ASA -
Also I think if you add the reverse-route command to the dynamic crypto map and do a redistribute static that will also work, because with the reverse-route added the pools or at least a host in the pool show up as a static route in the routing table.
Any News on the Topic? I am interested in an answer as well.
I used to create a static route pointing to the outside interface, but that is not working anymore because of some recently added checks before inserting the route. The ASA complains about the fact that the next hop is the ASA itself.