We have a VPN endpoint (ASA) running v8.2(2) which has multiple VPN connections to external vendor networks. On our network core we have static routes pointing traffic to these remote subnets via the VPN appliance. Is there any way to place the remote network addresses into EIGRP on the ASA so that the static routes on the core are no longer required?
Okay, so the ASA does not need to have an interface in the network that it is advertising in EIGRP? I can just specify the networks within the EIGRP instance? Also, how do I stop remote peers from sending me EIGRP information?
Yes, as far as I know you have to have an ASA interface adjacent to a device that is doing EIGRP. Now I am a little confused; if you have a basic net diagram that will help. If I understand your original post, you have several tunnels terminating on your ASA firewall (outside) interface. My understanding of your request is that for those far-end VPN subnets coming into your firewall you have to statically enter them in your CORE switch so that your internal network knows which gateway to use (the ASA) to get to the far-end subnets through the IPsec tunnel. Is this correct? If so, in that case, if you want to prevent static routing on your CORE you have to make the ASA firewall participate in routing from your inside, so that you can use static routes in your firewall, redistribute them by EIGRP, and dynamically propagate those VPN subnets you have coming into your firewall. Please correct me if I have misunderstood your requirements.
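A worked configuration for the approach described in this reply (static routes on the ASA for the far-end subnets, redistributed into EIGRP toward the inside), added here as an illustration and not posted by anyone in the thread. It assumes EIGRP AS 100, an inside interface named "inside" on Ethernet0/1 in the 188.8.131.0/24 subnet from the later post, and placeholders OUTSIDE_GW and PLACEHOLDER_KEY for the outside default gateway and the EIGRP authentication key. The route-map limits redistribution to the VPN prefixes so the ASA's default route does not leak into the core, `passive-interface outside` keeps any VPN-facing neighbor from forming an adjacency, and MD5 authentication on the inside adjacency stops an unauthorised device on that segment from injecting routes. Whether a static route toward the outside next hop is actually carried into the IPsec tunnel depends on the crypto map and the NAT exemption on the box, so confirm it with `packet-tracer` or a test from the inside before removing the static route on the core.

```cisco
! Added example (not from the thread): ASA 8.2 advertising VPN-remote subnets via EIGRP
! Assumptions: EIGRP AS 100; inside interface Ethernet0/1 in 188.8.131.0/24;
! OUTSIDE_GW and PLACEHOLDER_KEY are placeholders, replace with real values.

! Static route for the far-end VPN subnet, pointed out the outside interface
route outside 22.214.171.124 255.255.255.0 OUTSIDE_GW 1

! Standard ACL selecting only the VPN-remote prefixes that may be redistributed
access-list VPN-REMOTE-NETS standard permit 22.214.171.124 255.255.255.0

! Route-map used to filter what 'redistribute static' hands to EIGRP
route-map STATIC-TO-EIGRP permit 10
 match ip address VPN-REMOTE-NETS

router eigrp 100
 ! Must match the subnet of the ASA's inside interface
 network 188.8.131.0 255.255.255.0
 ! No hellos and no adjacencies on the VPN-facing interface
 passive-interface outside
 ! Only the VPN statics are redistributed, never the default route
 redistribute static route-map STATIC-TO-EIGRP

interface Ethernet0/1
 nameif inside
 ! Authenticate the inside adjacency so only the core can exchange routes
 authentication mode eigrp 100 md5
 authentication key eigrp 100 PLACEHOLDER_KEY key-id 1
```

After applying it, `show eigrp topology` on the ASA and `show ip route eigrp` on the core should list 22.214.171.124/24 as an external (EX) route with the ASA's inside address as next hop; if it is absent, check that the static route is actually installed (`show route`) and that the route-map ACL matches it exactly.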
The remote network is 22.214.171.124/24, the local network is 126.96.36.199/24, and the local VPN device is 188.8.131.52/24 (inside interface). Currently the core switch (184.108.40.206) has a static route that says 220.127.116.11 is reachable via 18.104.22.168.
I want to be able to have the ASA announce that it is the gateway for 22.214.171.124 using EIGRP so that the static route can be removed from the core switch.
Yes, all the work for EIGRP is done; it is the route advertisement that I am asking about.
Your configuration does not appear to be valid, as if I create routes for the remote networks that are to go via the outside interface with the next hop being the other gateway IP address, they will not be sent through the tunnel. In fact the packets will be dropped, as they have non-routable addresses and are subject to the NAT 0 statement.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...