How to announce (OSPF) the public IP address of a static NAT...

gjackson
Level 1

I have an ASA that uses a static NAT, e.g.:

static (inside,outside) 192.0.2.178 10.192.100.178 netmask 255.255.255.255

I am running OSPF between the ASA and a border router. I have a static route on the border router pointing traffic for 192.0.2.178/32 to the ASA. I would like to eliminate the static route on the border, and simply announce the host-specific route from the ASA using the OSPF process.

I have tried a static route on the ASA that points to its outside interface:

route outside 192.0.2.1 255.255.255.255 10.128.253.1 1

and I have "redistribute static subnets" in the OSPF process.

The OSPF link state appears in the border router, and the traffic is forwarded to the ASA, but it doesn't make it through.

Can anyone recommend a way to accomplish this? I would like to do this similarly to announcing a null0 route from a router, but the ASA doesn't support the interface syntax for a destination in a static route statement.

Ideas, anyone? Thanks!

15 Replies

snetherland
Level 1

Unfortunately, I have very limited experience with the PIX/ASA product line, so I'm not sure how applicable this will be. However, with ISRs it's as simple as creating a static NAT entry, a static route towards the actual host, and redistribution into your routing protocol. Obviously there is a lot of personalization that can be done at each point depending on the design, but those are really the basic steps.

Example:

!
interface FastEthernet0/0
 ip address 200.200.200.1 255.255.255.0
 ip nat enable
!
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 ip nat enable
!
ip nat source static 10.10.10.5 100.100.100.5
!
ip route 100.100.100.5 255.255.255.255 10.10.10.5

Redistribute static routes into routing protocol, modify route-filters, apply seed metrics, firewall policies, etc.

I know this is basic but I hope you find it helpful.
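The redistribution and route-filter step from the reply above, sketched as IOS configuration for the same addresses. This is an added example, not part of the original post; the OSPF process ID 1, the names NAT-HOSTS and STATIC-TO-OSPF, and the metric values are assumptions.

```cisco_ios
! Added example. Assumed: OSPF process 1, list/map names, metric values.
!
! Unfiltered form: every static route on the box is injected into OSPF,
! including any management or default statics added later.
!
! router ospf 1
!  redistribute static subnets
!
! Filtered form: only the NAT host route from the example is advertised.
!
ip prefix-list NAT-HOSTS seq 10 permit 100.100.100.5/32
!
route-map STATIC-TO-OSPF permit 10
 match ip address prefix-list NAT-HOSTS
! No further route-map entries: the implicit deny at the end of the
! route-map keeps all other static routes out of OSPF.
!
router ospf 1
 redistribute static subnets route-map STATIC-TO-OSPF metric 20 metric-type 2
```

On the neighbouring router, `show ip route ospf` should then list 100.100.100.5/32 as an external (E2) route and no other redistributed statics.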
