07-23-2012 04:02 PM - edited 03-11-2019 04:33 PM
I would like to advertise the subnet I use for IPSec VPN clients via RIP to my inside network. I am running ASA 8.4 code. I have enabled RIP V2 and made sure the interface connected to the inside network is not configured as passive. I added the subnet of the inside interface to the networks list and I don't have any authentication configured either. Routers on the inside network are not receiving the VPN subnet via RIP. What else do I need to do? Do I need to configure a route-map with the VPN subnet? Does reverse-route on the VPN cryptomap have anything to do with this?
Thanks,
Diego
Solved! Go to Solution.
07-23-2012 07:01 PM
You would need to add the reverse-route statement on that particular vpn peer, as well as "redistribute static" on your RIP process.
07-24-2012 08:03 PM
If you just have a specific permit statement, you don't have to configure the deny any any, and it's "distribute-list".
Here is the complete commands:
access-list 10 permit 192.168.1.0
router rip
distribute-list 10 out
You've got most of it correct
07-23-2012 07:01 PM
You would need to add the reverse-route statement on that particular vpn peer, as well as "redistribute static" on your RIP process.
07-24-2012 06:59 PM
That worked great! Thank you. One more thing. Just to be on the safe side I would like to limit RIP advertisements to the VPN subnet only. I am thinking something like this:
access-list 10 permit 192.168.1.0
access-list 10 deny any any
router rip
distribute list 10 out
How would I do that with ASA 8.4 code?
Thanks again,
Diego
07-24-2012 08:03 PM
If you just have a specific permit statement, you don't have to configure the deny any any, and it's "distribute-list".
Here is the complete commands:
access-list 10 permit 192.168.1.0
router rip
distribute-list 10 out
You've got most of it correct
07-25-2012 04:51 PM
Worked great. Thanks,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide