Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
453
Views
0
Helpful
4
Replies

Routing Configuration

Go to solution
Joe Lee
Level 1
Level 1

‎03-01-2012 01:19 PM - edited ‎03-04-2019 03:30 PM

Hi,

I am attaching the network digram. I have two routers and one ASA. One router is connected to DMZ and one is connected to Inside interface. I am thinking two options to configure the routing.

1) Understanding the ASA doesn't support BGP, I prefer to run BGP on both routers and BGP will be by pass the ASA. Will that be worked? If so, how can I configure on both routers? What ports/protocols should we need to open since they are in different interfaces on the ASA?

2) Understanding the ASA support OSPF and EIGRP. Since we may need to change to un-Cisco firewall, we need to run OSPF on both routers and the ASA. How can I configure on both routers and ASA?

Configuration sample is greatly appriciated!

Joe

Labels:
Preview file
6 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Vivek Ganapathi
Level 4
Level 4
In response to Joe Lee

‎03-01-2012 07:39 PM

1) Not required to have multi-hop. This is just an iBGP relationship between your R1 & R2.

2) Yes, you need to open TCP 179 on your ASA firewall. I will lab up & provide you a config.

3) If you could provide me the entire topology, then it would be easy to answer this. Where does R2 connect to? Also, running a dynamic routing protocol on a firewall is not a good option IMHO. But it really depends on what you are trying to achieve and how your architecture is.

Thanks

Vivek

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Vivek Ganapathi
Level 4
Level 4

‎03-01-2012 05:25 PM

Hello Joe,

1) Yes, you can run BGP between your router1 & router2. BGP just needs IP connectivity + accessibility to TCP 179. Basically, you don't require ASA to run BGP. But make sure you have allowed the specified port on ASA firewall. Example

access-list acl-1 permit tcp host 192.168.1.1 host 192.168.2.1 eq bgp

2) Yes, if a non-cisco device is planned to be in place of ASA in future, then it's a right time to choose OSPF. Configure all the devices in single area (area 0).

Router 1

router ospf 100

network 192.168.1.0 255.255.255.0 area 0

ASA

router ospf 100

network 192.168.1.0 255.255.255.0 area 0

network 192.168.2.0 255.255.255.0 area 0

Router 3

router ospf 100

network 192.168.2.0 255.255.255.0 area 0

Do run some encryption within OSPF. This is just a sample i provided you, you may need to tweak it based on your topology.


0 Helpful

Go to solution
Joe Lee
Level 1
Level 1
In response to Vivek Ganapathi

‎03-01-2012 07:23 PM

Thank you Vivek!

I have few questions.

1) To run BGP, do I need to run multihop on one of the router?

2) when you are saying the "IP connectivity + accessibility to TCP 179", Assuming to open the port tcp/179, are there anythng I need to open on ASA to allow both router BGP bypass it? Can you provide the configuration sample on both routers?

3) We have already to run static route on the ASA and router 2, When comparing BGP and OSPF in my case, what are the pro and cons?

Thanks!

Joe

0 Helpful

Go to solution
Vivek Ganapathi
Level 4
Level 4
In response to Joe Lee

‎03-01-2012 07:39 PM

1) Not required to have multi-hop. This is just an iBGP relationship between your R1 & R2.

2) Yes, you need to open TCP 179 on your ASA firewall. I will lab up & provide you a config.

3) If you could provide me the entire topology, then it would be easy to answer this. Where does R2 connect to? Also, running a dynamic routing protocol on a firewall is not a good option IMHO. But it really depends on what you are trying to achieve and how your architecture is.

Thanks

Vivek

0 Helpful

Go to solution
Joe Lee
Level 1
Level 1
In response to Vivek Ganapathi

‎03-02-2012 06:03 AM

Thanks again Vivek for looking my issues!

Actually R2 is connected to the LAN switch, and R1 is connected to the border router to internet. Here is the diagram.

Internet--->border-->ASA---> R2--> LAN Switch

                   |                 |

                   |------------>   R1

Sounds you suggest to run BGP instead of OSPF, Do you have any documenation or explain to me why it runs a dynamic routing protocol on a firewall is not a good option IMHO. please provide me the BGP configuration when you get a chance.

Regards,

Joe

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card