Routing on ASA
04-13-2012 01:02 AM - edited 03-11-2019 03:53 PM
An L3 switch is connected to the firewall, and the firewall is connected to the router.
On the L3 switch there are the networks 10.0.0.0/24 and 172.16.0.0/24, and its default route points to the firewall.
From the firewall, the default route is: route outside 0.0.0.0 0.0.0.0 202.x.x.x (the router).
I have another router (124.x.x.x); my requirement is that the 172.16.0.0/24 traffic should go through this router.
If I configure route outside 172.16.x.x 255.255.255.0 124.x.x.x on the firewall, will it work?
Labels: NGFW Firewalls
04-13-2012 08:06 AM
What type of access do those two routers offer? Internet?
Dan
04-13-2012 08:46 PM
My requirement is as follows:
I want to use router 1 (BGP is running) for internet.
I want to use router 2 (BGP is running) for many site-to-site VPNs.
I have an APNIC range that I want to use on both router 1 and router 2.
The requirement is that the firewall is used in every case (for security reasons, all traffic to router 1 and router 2 should go through the firewall).
Now I want to build a site-to-site VPN for this 172.16.x.x LAN on router 2.
That is why I am asking how to route the 172.16.x.x range to router 2 on the firewall.
Please find the attachment.
04-13-2012 09:22 PM
Hello Prashant,
Long time no see..
As you know, the ASA does not support PBR and can have only one default route in its routing table.
So what I would like to know is whether both routers and the ASA are on the same broadcast domain.
If they are, you could configure a default route pointing to R1 and then create a route pointing to R2 for the subnet on the other side of the VPN tunnel.
That should do it!
Regards,
DO rate all the helpful posts
Julio
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
04-13-2012 11:37 PM
Thanks for your concern.
The firewall, router 1 and router 2 are in the same broadcast domain.
Please share an example of your suggestion.
Regards,
Prashant
04-14-2012 12:16 AM
Hello Prashant,
It looks really simple to me, unless I am not understanding this.
You want to send all traffic to the x.x.x.x (VPN destination) subnet to router 2 and all the internet traffic to router 1, so all you need on the ASA
is a nat 0 ACL for the traffic going to the VPN subnet, and the regular nat and global for the internet.
Then for the routes you need:
route outside 0 0 R1_IP
route outside x.x.x.x x.x.x.x R2_IP
That's all.
DO Rate all the helpful posts
Julio
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
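To make Julio's two points concrete (only one default route, no PBR, and a more-specific static route toward R2 for the subnet behind the tunnel), here is an added Python model of the ASA's forwarding decision. It is not code from the thread or from Cisco; the addresses, the remote VPN subnet 192.168.50.0/24, the outside interface address and the inside next hop are all assumed placeholders standing in for the masked 203.x.x.x / 101.x.x.x values in the posts. It also models the nat 0 (identity NAT) exemption Julio mentions, so the VPN-bound flow keeps its private source address while internet-bound flows are translated.

```python
import ipaddress

# Constructed placeholders (RFC 5737 ranges); the real thread masks these as x.x.x.x.
R1 = "203.0.113.1"            # router 1: internet, BGP
R2 = "203.0.113.100"          # router 2: site-to-site VPNs, same broadcast domain as the ASA outside
ASA_OUTSIDE_IP = "203.0.113.10"
L3_SWITCH = "10.1.1.2"        # assumed inside next hop toward the L3 switch VLANs
REMOTE_VPN_LAN = "192.168.50.0/24"   # assumed subnet on the far side of router 2's tunnel
VPN_LOCAL_LAN = "172.16.0.0/24"      # the VLAN the tunnel is built for

# ASA static routes as in the thread: one default to R1, one specific route to R2.
ASA_ROUTES = [
    ("outside", "0.0.0.0/0",      R1),          # route outside 0 0 R1_IP
    ("outside", REMOTE_VPN_LAN,   R2),          # route outside <remote LAN> <mask> R2_IP
    ("inside",  "10.0.0.0/24",    L3_SWITCH),
    ("inside",  VPN_LOCAL_LAN,    L3_SWITCH),
]

# nat 0 access-list: traffic matching (source, destination) is exempt from translation.
NAT0_ACL = [(VPN_LOCAL_LAN, REMOTE_VPN_LAN)]


def lookup(dst, routes=ASA_ROUTES):
    """Longest-prefix match over the static table.

    The most specific matching prefix wins, so the /24 toward R2 beats the /0
    toward R1 for tunnel-bound traffic and everything else falls through to R1.
    Returns (egress_interface, matched_network, next_hop).
    """
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for iface, prefix, nexthop in routes:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (iface, net, nexthop)
    return best


def forward(src, dst):
    """Forwarding decision for a flow: (egress_interface, next_hop).

    The source address is intentionally unused. This is plain destination-based
    routing, which is all the ASA in the thread can do without PBR: every VLAN
    reaching the remote VPN subnet is sent to R2, not only 172.16.0.0/24.
    """
    iface, _net, nexthop = lookup(dst)
    return iface, nexthop


def translate(src, dst, acl=NAT0_ACL, outside_ip=ASA_OUTSIDE_IP):
    """Source address after NAT: unchanged when the nat 0 ACL matches, else PAT to the outside IP."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return src                      # identity NAT: private address enters the tunnel intact
    return outside_ip                       # regular nat/global: hide behind the outside address


if __name__ == "__main__":
    for src, dst in [("172.16.0.5", "192.168.50.10"),   # VLAN to remote VPN LAN -> R2
                     ("172.16.0.5", "198.51.100.20"),   # VLAN to internet -> R1
                     ("10.0.0.7",   "192.168.50.10")]:  # other VLAN, same destination -> still R2
        iface, nh = forward(src, dst)
        print(f"{src} -> {dst}: out {iface} via {nh}, source seen as {translate(src, dst)}")
```

The third sample flow is the caveat worth noticing: because the decision is keyed on destination only, any inside VLAN that addresses the remote subnet reaches R2, so the ASA access policy, not the routing table, is what restricts the tunnel to the 172.16.x.x VLAN.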
04-14-2012 01:08 AM
Hi,
Thanks for the reply.
My exact requirement is this:
On router 2 a site-to-site VPN is created.
On the L3 switch we have many VLANs.
From the L3 switch the default route is to the firewall.
From the firewall there is a default route to router 1, say 0.0.0.0 0.0.0.0 203.x.x.x.
Among those VLANs we have one VLAN, say 172.16.x.x.
For 172.16.x.x the site-to-site VPN is created on router 2.
As we know PBR is not supported on the ASA, we cannot send the 172.16 traffic to router 2.
Now just assume the far-end peer IP of the VPN is 101.x.x.x.
So for that VPN, if I give the route on the ASA as route outside 101.x.x.x 255.255.255.255 203.x.x.100,
will the route mentioned above work?
04-14-2012 11:27 AM
Hello Prashant,
That is correct.
Regards,
DO rate all the helpful posts
Julio
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
04-14-2012 11:39 PM
Will check and let you know. Thanks for your help.
04-15-2012 01:00 AM
Hi Julio,
As checked, it is working. Is there any document
where BGP + HSRP + a site-to-site tunnel are implemented on a single router?
04-15-2012 11:22 AM
Hello Prashant,
Glad to hear that it is working now. Please mark the question as answered so future users can learn from this.
Now regarding the document: hmm, not that I am aware of; I have not seen a document with that info.
Regards,
DO rate all the helpful posts
Julio
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
