EIGRP and DMZ distribution - Cisco ASA

ALIAOF_ · ‎12-13-2012

I have been able to get EIGRP working successfully in the lab like I want.

Attached is the network overview:

We have a Data Center and Corporate office connected via Point to Point Fiber link, eventually we will have two of these
Two 4948E switches in the Data center acting as cores setup with GLBP
Corporate Office has a 3750X acting as a core
Currently two 4948E's are connected to each other via Port Channel and a L2 trunk
Two set of ASA 5520's one acting as a firewall and for Cisco Any Connect and second for site to site VPN

What is the best way/pratice that I can distribute this DMZ via EIGRP? Should I just leave it static on the core like this?

DMZ Net = 192.168.150.0/24

Inside Interface = 192.168.200.255

On the core I create a static route "ip route 192.168.150.0 255.255.255.0 192.168.200.255". Or a statement like this would be better for future DMZ additions "ip route 0.0.0.0 0.0.0.0 192.168.200.255"?

Peter Koltl · ‎12-13-2012

You can run EIGRP on the ASA too.

ALIAOF_ · ‎12-19-2012

I do not want to run EIGRP on the ASA though.

Julio Carvajal · ‎12-13-2012

Hello Mohammad,

I would recommend you to advertise them via EIGRP, better funcionality, escalability,etc,etc,etc.

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC