02-13-2023 01:44 PM
Hi all,
Hopefully someone can help me out. I have a 5515-X running, and clients use AnyConnect to VPN in. Connected to this ASA is the link to ExpressRoute, and we're advertising (BGP) subnets from the ASA to ExpressRoute. They all work; however, people on the AnyConnect VPN cannot access machines in Azure.
The VPN pool subnet is 172.30.8.0/24
Checking the ExpressRoute routing table shows there is no route for the VPN subnet, and it doesn't appear that the ASA is advertising it either: when I run "show bgp" on the ASA, the subnet (172.30.8.0/24) isn't present in the list, nor is it present in ER's route table.
Below is the BGP config from the ASA, which I've attempted to sanitise:
router bgp xxxxx
bgp log-neighbor-changes
bgp bestpath compare-routerid
address-family ipv4 unicast
neighbor 172.xx.xx.x remote-as xxxxx
neighbor 172.xx.xx.x activate
network 172.xx.x.0 mask 255.255.255.0
network 172.xx.x.0 mask 255.255.255.128
network 172.xx.x.0 mask 255.255.255.0
network 172.xx.x.0 mask 255.255.255.0
network 172.30.8.0 mask 255.255.255.0
network 172.xx.xx.0 mask 255.255.252.0
network 172.xx.xx.0 mask 255.255.255.248
network 192.168.xx.0
network 172.xx.xx.0 mask 255.255.254.0
network 172.xx.xxx.0 mask 255.255.254.0
network 192.168.xxx.0
network 172.xx.xx.x mask 255.255.255.248
network 172.xx.xx.xxx mask 255.255.255.239
no auto-summary
no synchronization
exit-address-family
!
02-13-2023 06:14 PM
The address pool is 172.30.8.1-253 with a mask of /32. If I advertise a network of 172.30.8.100/32 (my VPN client IP) via BGP, it seems to work?
I changed the subnet mask of the pool to /24 and advertised 172.30.8.0/24, but that didn't work; it had the same issue described above.
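The symptom above (a /32 client address advertises, the /24 pool does not) is what you see when a BGP `network` statement has no route of exactly the same prefix and length in the routing table: on ASA/IOS BGP the statement is only originated when such a route exists, and AnyConnect installs one /32 host route per connected client, not a /24 for the pool. The script below is an added example, not code from the thread or from Cisco. It checks each `network` statement against `show route` output and lists the more-specific routes sitting under any statement that has no exact match. The config lines and the `show route` text are constructed samples with placeholder addresses (not the poster's sanitised values), and the `show route` line layout is approximate.

```python
"""Check ASA BGP ``network`` statements against the routing table.

Added example, not from the original thread. On Cisco ASA/IOS BGP a ``network``
statement is only advertised when the RIB holds a route with exactly the same
prefix and length; a /24 statement is not satisfied by /32 host routes inside
it. The config and ``show route`` text are constructed; addresses are
placeholders, not the poster's sanitised values.
"""
import ipaddress
import re

# Constructed sample of "network" statements (placeholder addresses). The last
# line carries a non-contiguous mask to show how such a statement is reported.
NETWORK_STATEMENTS = """\
network 172.30.8.0 mask 255.255.255.0
network 192.168.50.0
network 10.20.30.0 mask 255.255.255.128
network 172.20.40.0 mask 255.255.255.239
"""

# Constructed, approximate "show route" output. AnyConnect client addresses
# appear as per-client /32 "V" routes; there is no /24 route for the pool.
SHOW_ROUTE = """\
C        10.20.30.0 255.255.255.128 is directly connected, inside
V        172.30.8.100 255.255.255.255 connected by VPN (advertised), outside
V        172.30.8.101 255.255.255.255 connected by VPN (advertised), outside
C        192.168.50.0 255.255.255.0 is directly connected, dmz
"""

_NETWORK_RE = re.compile(r"^\s*network\s+(\S+)(?:\s+mask\s+(\S+))?\s*$")
_ROUTE_RE = re.compile(r"^\s*\S+\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\b")


def classful_prefix(addr: str) -> int:
    """Prefix length assumed when 'network' is given without a mask (classful)."""
    first = int(addr.split(".")[0])
    if first < 128:
        return 8
    if first < 192:
        return 16
    return 24


def parse_network_statement(line: str) -> ipaddress.IPv4Network:
    """Return the IPv4Network a 'network' line names; ValueError if unparsable."""
    m = _NETWORK_RE.match(line)
    if not m:
        raise ValueError(f"not a network statement: {line!r}")
    addr, mask = m.group(1), m.group(2)
    if mask is None:
        return ipaddress.ip_network(f"{addr}/{classful_prefix(addr)}")
    # ip_network rejects non-contiguous masks such as 255.255.255.239.
    return ipaddress.ip_network(f"{addr}/{mask}")


def parse_rib(show_route: str) -> list:
    """Extract one prefix per route line from 'show route' output."""
    rib = []
    for line in show_route.splitlines():
        m = _ROUTE_RE.match(line)
        if m:
            rib.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
    return rib


def audit_network_statements(config: str, show_route: str) -> dict:
    """Report, per network statement, whether an exact RIB match exists.

    Where there is none, 'more_specific' lists RIB routes contained in the
    statement's prefix (the VPN-pool case: /32 client routes present, /24 absent).
    Statements that cannot be parsed are reported under their raw text with an
    'error' entry.
    """
    rib = parse_rib(show_route)
    report = {}
    for line in config.splitlines():
        if not line.strip():
            continue
        try:
            net = parse_network_statement(line)
        except ValueError as exc:
            report[line.strip()] = {"advertised": False, "error": str(exc)}
            continue
        more_specific = sorted(str(r) for r in rib if r != net and r.subnet_of(net))
        report[str(net)] = {"advertised": net in rib, "more_specific": more_specific}
    return report


if __name__ == "__main__":
    for prefix, result in audit_network_statements(NETWORK_STATEMENTS, SHOW_ROUTE).items():
        print(prefix, result)
```

Run against the constructed samples, the report marks 172.30.8.0/24 as not advertised with the two client /32 routes listed beneath it, while the two LAN prefixes with exact connected routes pass. To use it on a real box, paste the `network` lines and the full `show route` output into the two strings; the route regex only needs the "prefix mask" pair at the start of each route line.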