Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
762
Views
3
Helpful
2
Replies

ASA 5545-X Multiple Context with BGP

2044418Puts
Level 1
Level 1

‎07-21-2015 07:18 AM - edited ‎03-11-2019 11:18 PM

Hi,

I'm trying to figure out wheiter or not the new multiple context BGPv4 and BGPv6 feature works ok. I've not been able to find any related information on the Internet regarding people actually using this feature. Anyone any experience with this?

Our ASA's run quite a few context's. Each with their own DMZ using public IP's. Also we are using IPv6 addressing in the DMZ networks and in the inside networks. I would like to have these networks dynamically advertised to our edge routers, which are route reflectors.

Anyone any experience with this in a production environment?

Thanks!

 

Labels:
0 Helpful
2 Replies 2

Marius Gunnerud
VIP
VIP

‎07-21-2015 08:26 AM

We were toying with the idea of using BGP on our ASA in our environment, but due to design considerations and company IT policies we did not implement it.  I suppose the most common reason you are not seeing this used in many environments is that keeping the different network functions seperate is still a best practice.  The environments where you will see BGP being used at the moment is in environments where companies do not have the budget to add a WAN router to their office, site, etc.

That being said, I know of a couple companies that run BGP on their ASAs and I have not heard about any complaints or problems there.  Then again, I am not the one that is the administrator for these ASAs.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-21-2015 09:13 AM

I agree with Marius - you'd be out on the leading (bleeding?) edge of implementation practices to run BGP on a multicontext ASA.

I haven't done it with BGP but did come across one key issue when trying to do something similar with OSPF - specifically with subinterfaces on a physical interface shared across several context. We found we could not route between those subinterfaces (and thus contexts) as the ASA did not support the necessary multicast required to establish OSPF neighbor adjacency. (That was ca. 9.2 code.)

We ended up scrapping that aspect of the design and moving to a single context model.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card