Solved: advertise VPN subnet with RIP

tato386 · ‎07-23-2012

I would like to advertise the subnet I use for IPSec VPN clients via RIP to my inside network. I am running ASA 8.4 code. I have enabled RIP V2 and made sure the interface connected to the inside network is not configured as passive. I added the subnet of the inside interface to the networks list and I don't have any authentication configured either. Routers on the inside network are not receiving the VPN subnet via RIP. What else do I need to do? Do I need to configure a route-map with the VPN subnet? Does reverse-route on the VPN cryptomap have anything to do with this?

Thanks,

Diego

Jennifer Halim · ‎07-23-2012

You would need to add the reverse-route statement on that particular vpn peer, as well as "redistribute static" on your RIP process.

View solution in original post

Jennifer Halim · ‎07-24-2012

If you just have a specific permit statement, you don't have to configure the deny any any, and it's "distribute-list".

Here is the complete commands:

access-list 10 permit 192.168.1.0

router rip

distribute-list 10 out

You've got most of it correct

View solution in original post

Jennifer Halim · ‎07-23-2012

You would need to add the reverse-route statement on that particular vpn peer, as well as "redistribute static" on your RIP process.

tato386 · ‎07-24-2012

That worked great! Thank you. One more thing. Just to be on the safe side I would like to limit RIP advertisements to the VPN subnet only. I am thinking something like this:

access-list 10 permit 192.168.1.0

access-list 10 deny any any

router rip

distribute list 10 out

How would I do that with ASA 8.4 code?

Thanks again,

Diego

Jennifer Halim · ‎07-24-2012

If you just have a specific permit statement, you don't have to configure the deny any any, and it's "distribute-list".

Here is the complete commands:

access-list 10 permit 192.168.1.0

router rip

distribute-list 10 out

You've got most of it correct

tato386 · ‎07-25-2012

Worked great. Thanks,