04-13-2012 01:02 AM - edited 03-11-2019 03:53 PM
L3 switch is connected to the firewall and the firewall is connected to the router.
On L3: networks 10.0.0.0/24
172.16.0.0/24
and the default route is to the firewall.
From the firewall the default route is ROUTE OUTSIDE 0.0.0.0 0.0.0.0 202.x.x.x (router).
I have another router. My requirement is that 172.16.0.0/24 data should go through this router (124.x.x.x).
If I give the route ROUTE OUTSIDE 172.16.X.X 255.255.255.0 124.X.X.X on the firewall, does it work?
04-13-2012 08:06 AM
What type of access do those two routers offer? Internet?
Dan
04-13-2012 08:46 PM
My requirement is like this:
I want to use router 1 (BGP is running) for internet,
and I want to use router 2 (BGP is running) for many site-to-site VPNs.
I have an APNIC range that I want to use on both router 1 and 2.
Now the requirement is that I want to use the firewall in any case (for security reasons all traffic of router 1 and router should go through the firewall).
Now I want to make a site-to-site VPN with this 172.16.x.x LAN on router 2.
That's why I am asking how to route the 172.16.x.x range to router 2 on the firewall.
Please find the attachment.
04-13-2012 09:22 PM
Hello Prashant,
Long time no see..
As you know, the ASA does not support PBR and can have only one default route in its routing table.
So what I would like to know is whether both routers and the ASA are on the same broadcast domain?
If they are, you could configure a default route pointing to R1 and then create a route pointing to R2 for the subnet on the other side of the VPN tunnel.
That should do it!!
Regards,
DO rate all the helpful posts
Julio
04-13-2012 11:37 PM
Thanks for your concern.
Firewall, router 1 and router 2 are in the same broadcast domain.
Please share an example regarding your suggestion.
Regards,
Prashant
04-14-2012 12:16 AM
Hello Prashant,
It looks really simple to me unless I am not understanding this.
You want to send all traffic to the x.x.x.x (VPN destination) subnet to router 2 and all the internet traffic to router 1, so all you need on the ASA is a nat 0 ACL for the traffic going to the VPN subnet and the regular nat and global for the internet.
Then for the routes you need:
route outside 0 0 R1_Ip
route outside x.x.x.x x.x.x.x R2_IP
That's all.
DO Rate all the helpful posts
Julio
04-14-2012 01:08 AM
Hi,
Thanks for the reply.
My exact requirement is like this:
On router 2 a site-to-site VPN is created.
Now on L3 we have many VLANs.
From L3 the default is to the firewall.
Now from the firewall there is a default route to router 1, say 0.0.0.0 0.0.0.0 203.x.x.x
Out of that we have one VLAN, say 172.16.x.x.
For 172.16.x.x a site-to-site VPN is created on router 2.
As we know PBR is not supported on ASA, we cannot send 172.16 traffic to router 2.
Now just assume the far-end peer IP of the VPN created is 101.x.x.x
So for that VPN, if I give the route on the ASA such as route outside 101.x.x.x 255.255.255.255 203.x.x.100
So with the route mentioned above, does it work?
04-14-2012 11:27 AM
Hello Prashant,
That is correct.
Regards,
DO rate all the helpful posts
Julio
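Added example, not part of any post in this thread: a small Python model of destination-only, longest-prefix route selection for the static routes discussed above (default to R1, remote VPN subnet and far-end peer /32 to R2), next to a table that lists the local 172.16.0.0/24 prefix instead. All addresses are constructed documentation values standing in for the thread's x.x.x.x placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed addresses (assumptions) standing in for the thread's x.x.x.x values.
R1 = "203.0.113.1"              # internet router
R2 = "203.0.113.100"            # VPN router on the same outside segment
VPN_PEER = "198.51.100.10"      # far-end VPN peer
REMOTE_LAN = "192.168.50.0/24"  # subnet on the other side of the tunnel
LOCAL_LAN_HOST = "172.16.0.25"  # host in the inside 172.16.0.0/24 VLAN


def build_table(routes):
    """Turn (prefix, next_hop) pairs into (ip_network, next_hop) entries."""
    return [(ipaddress.ip_network(p), nh) for p, nh in routes]


def next_hop(table, src, dst):
    """Longest-prefix match on the destination only. src is deliberately
    ignored: a plain static routing table never looks at the source."""
    dst_ip = ipaddress.ip_address(dst)
    matches = [(net, nh) for net, nh in table if dst_ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


# Models: route outside 0 0 R1 plus specific routes via R2.
ASA_TABLE = build_table([
    ("0.0.0.0/0", R1),
    (REMOTE_LAN, R2),
    (VPN_PEER + "/32", R2),
])

# Models a table that lists the *local* LAN prefix via R2 instead.
SOURCE_PREFIX_TABLE = build_table([
    ("0.0.0.0/0", R1),
    ("172.16.0.0/24", R2),
])

if __name__ == "__main__":
    for dst in ("192.0.2.80", "192.168.50.7", VPN_PEER):
        print(dst, "->", next_hop(ASA_TABLE, LOCAL_LAN_HOST, dst))
    print("local-prefix table:",
          next_hop(SOURCE_PREFIX_TABLE, LOCAL_LAN_HOST, "192.168.50.7"))
```

With the local-prefix table, traffic sourced from 172.16.0.25 toward the remote subnet still follows the default route to R1, because only the destination is matched.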
04-14-2012 11:39 PM
Will check and let you know. Thanks for your help.
04-15-2012 01:00 AM
Hi Julio,
As checked, it is working. Is there any document where BGP + HSRP + site-to-site tunnel is implemented on a single router?
04-15-2012 11:22 AM
Hello Prashant,
Glad to hear that is working now. Please mark the question as answered so future users can learn from this.
Now regarding the document, hmm, not that I am aware of. I have not seen a document with that info.
Regards,
DO rate all the helpful posts
Julio