I have an ASA 5510 that terminates multiple L2L and RA tunnels. I currently have 2 interfaces on the ASA, Inside and Outside. I have a default 0 0 route configured on the outside interface to the next hop, which is a FW. I currently have reverse route injection configured on the crypto map for all the L2L connections and I'm redistributing them into OSPF so that my core router receives the routes. I now need to create a backup VPN tunnel with our colo facility in case our MPLS goes down. I currently also have static routes to our colo facility configured on the internal interface pointing to our core router. My plan is to inject the route(s) to the colo into OSPF with a higher metric so that when the routes to the colo are removed when the MPLS goes down, the traffic traverses the VPN tunnel. I have the tunnel configured and passing traffic between 2 test hosts. I've also tested injecting the routes with RRI. Due to the fact that I currently need static route(s) to the colo configured on the ASA via the Inside interface, these are getting propagated into OSPF pointing to the wrong gateway. I need to remove the existing default route on the outside interface and add a default route to the inside interface so I don't need all the static routes to the colo. My question is this: when I remove the default route from the outside interface where the crypto map is, how are the routes learned for the VPNs? I'm assuming the next hop for all of the RRI routes is generated from the default route. Would I need to add a separate static route for each L2L peer?
That's correct, I am running OSPF and the routes do get redistributed into OSPF as they should. My question is: if I remove the default route which is pointing to the next hop connected to the interface where the VPNs terminate, how will the ASA determine the path to the VPN peers and ultimately the route to the remote VPN networks? So in my scenario, if I remove the default route pointing to 192.168.4.1, how will the ASA know to populate the RRI routes with the next hop of 192.168.4.1?