BGP Routing and VPN Access

Shijune
Level 1

I am trying to configure BGP based routing between two sites using two ASA 5506Xs. Routing between most of the sites works fine. The one exception is the VPN networks. The subnets are configured using the Client Address Pool setting in the AnyConnect Connection Profile settings. 

Traditionally when these sites were connected via VPN Tunneling, including the VPN subnets in the source and target networks for the tunnel was sufficient.

When using BGP routing, this is not sufficient. I have tried sharing the VPN subnets as part of the BGP routing. This enabled only one-way traffic: the remote non-VPN networks could route to the VPN subnets, but the VPN subnets could not route to the remote non-VPN networks. The end result was that users who access the VPN could route to local networks (ones specific to that site/VPN) but not the networks on the other end of the VPN.

I believe part of the problem is that when a VPN connection is made, a /32 route is added to the routing table on the ASA that handles routing for that individual address. But I'm not sure how to resolve this while preserving the otherwise functional VPN config.

Thanks

1 Reply

Where are the ASAs peering with one another for BGP? Is it an inside interface? Assuming that to be the case, here is a possible solution.

ASA 1 uses 192.168.1.0/24 for VPN addresses. Configure a BGP summary for that network facing ASA 2.

ASA 2 uses 192.168.2.0/24 for VPN addresses. Configure a BGP summary for that network facing ASA 1.
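The summary the reply describes, written out as an added example (this is not configuration posted by either participant). It assumes placeholder values that are not in the thread: the two ASAs peer over their inside interfaces on 10.0.0.0/30, ASA 1 is AS 65001 and ASA 2 is AS 65002. It also assumes the per-client /32 VPN routes are present in each ASA's routing table as static-type routes so that `redistribute static` carries them into BGP; the `aggregate-address ... summary-only` line then advertises one /24 for the pool and suppresses the individual /32s toward the peer. Confirm the assumption with `show route` and `show bgp` before relying on it.

```cisco
! Added example, not from the original thread. Placeholders: ASNs 65001/65002,
! peering addresses 10.0.0.1 (ASA 1) and 10.0.0.2 (ASA 2).
!
! ---- ASA 1: VPN client pool is 192.168.1.0/24 ----
router bgp 65001
 address-family ipv4 unicast
  neighbor 10.0.0.2 remote-as 65002
  neighbor 10.0.0.2 activate
  ! Assumption: the per-client /32 VPN routes enter BGP as static routes.
  ! The aggregate below is only generated while at least one /32 is present.
  redistribute static
  ! Advertise a single /24 for the pool; summary-only suppresses the /32s.
  aggregate-address 192.168.1.0 255.255.255.0 summary-only
 exit-address-family
!
! ---- ASA 2: VPN client pool is 192.168.2.0/24 ----
router bgp 65002
 address-family ipv4 unicast
  neighbor 10.0.0.1 remote-as 65001
  neighbor 10.0.0.1 activate
  redistribute static
  aggregate-address 192.168.2.0 255.255.255.0 summary-only
 exit-address-family
!
! Verification on either ASA (read-only show commands):
!   show bgp                                   -> the /24 aggregate, with the /32s marked suppressed (s>)
!   show bgp neighbors <peer> advertised-routes -> only the /24 should be sent to the peer
!   show route                                 -> the remote pool /24 learned via BGP (B)
```

With the /24 reaching the far ASA as a BGP route, return traffic from the remote non-VPN networks toward connected clients has a next hop back to the ASA that owns the pool, which is the one-way symptom described in the question. Any VPN filter or NAT exemption for the client pool still has to include the remote site's networks, exactly as it did with the site-to-site tunnel.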
