Cisco Support Community
Community Member

Adding Redundancy - ASA with OSPF and BGP at the border

Proposed setup

Two ISPs will be connected to two border routers, and BGP will be used for redundancy for incoming traffic. Partial routes will be taken from each ISP so that directly connected peers of an ISP are not routed through the other ISP. Internally, two core multilayer switches forward all outbound traffic to a pair of ASA5520s in a failover pair. HSRP is used on the switches so clients will have one of the core switches as their default gateway.

What is the best method to redistribute the routes learned through BGP to the ASA to allow it to send traffic to the correct border router without that router having to send the traffic to the other border router? Should I set up OSPF between the two routers and the ASA with the default route from ISP A and the more specific routes for the connected peers of ISP B? Will this put too much of a load on the ASA5520? The ASA is also performing NAT/PAT and firewalling with about 80 ACL entries.


