Solved: How does ASA advetise a network with that network configured locally ?

gongya001 · ‎09-06-2020

I have a following topology

ASA --------Router ------------ Remote sites

|

local network

My ASA is one armed, the router advertised default route to ASA. I reserved a network for source NAT purpose. For local network to reach that source NAT network, I create a static route pointing to Router, then redistribute it into bgp to advertise to Router.

The issue is if VPN has issues or misconfigured, then route loop occurs.

If I use network statement to distribute source NAT network, as it is not in local route table, it does not advertise.

Any insights of how to resolve this ?

thanks !!

Mohammed al Baqari · ‎09-06-2020

Hi, just create a wide null0 route covering your source nat subnet and
advertise it using BGP. Then the longer prefix source nat subnets within
this supernet will be reachable. Otherwise, advertise summary route using
larger subnet which includes your source route subnet.

*** please remember to rate useful posts.

View solution in original post

Mohammed al Baqari · ‎09-06-2020

Hi, just create a wide null0 route covering your source nat subnet and
advertise it using BGP. Then the longer prefix source nat subnets within
this supernet will be reachable. Otherwise, advertise summary route using
larger subnet which includes your source route subnet.

*** please remember to rate useful posts.

gongya001 · ‎09-06-2020

thanks so much !!

I used to do that, it advertised the prefix, but when traffic used it as destination for returned traffic, it did not work. I was not sure which was processed first, routing and nat.

Now I configured static route pointing to lookback ip 127.0.0.1, seems working.

I remember ASA did some change after 8.2.

Looking for the current ASA processing order docs.