Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco ASA OSPF

Hi,

I have a scenario of a production environment, where ASA uses a (hsrp virtual) IP as default gateway. Since a recent upgrade, there are now two routers and in order for these to manage the routes to the ASA dynamically I need to replace their static routes for the internal network to the ASA with that of a routing protocol.

What I want to solve is:

1) Have ASA still only communicating with the VIP of the routers HSRP.

2) Let the route for 100.50.0.0/20, which goes via ASA, be dynamically added with a routing protocol to ensure that if router01 loses physical connection to Cisco ASA, then router01 knows it can go via router02 (and vice versa)

router01 (active): 100.50.0.1

router02:             100.50.0.2

cisco asa:           100.50.0.3

Inner network, 100.50.0.0/20, for which the both routers now have a static route towards the ASA.

I easily find OSPF documentation, but Im unsure how to implement this in a production environment without losing connectivity. I guess my question can be reduced to: Is it safe to follow a typical Cisco ASA OSPF documentation to add the route dynamically, and when done remove the static routes to accomodate for a convering network in the event of a failure?

  • LAN Switching and Routing
Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Cisco ASA OSPF

I believe that you are correct in your further assessment of your requirements. And it seems to me that using OSPF and having layer 3 redundancy is better than HSRP and layer 2 redundancy.

HTH

Rick

2 REPLIES
New Member

Cisco ASA OSPF

I realize I didn't think it through. I think either have rely on hsrp and using static routes, or scrap hsrp and use ospf. It becomes a case of layer 2 OR layer 3 redundancy - not both.

Hall of Fame Super Silver

Cisco ASA OSPF

I believe that you are correct in your further assessment of your requirements. And it seems to me that using OSPF and having layer 3 redundancy is better than HSRP and layer 2 redundancy.

HTH

Rick

191
Views
0
Helpful
2
Replies