07-28-2022 12:04 PM
We have a Cisco Firepower 2110 running ASA 9.16. Remote VPN users log in to the ASA via AnyConnect and receive an IP address from a VPN pool depending on whether they are in a certain Active Directory group.
VPN users log in with different user names to access three different networks. These are separate and distinct networks that don't have any interconnections. The Cisco ASA is the only point in which they meet.
I am trying to use OSPF to distribute the VPN user's IP address to each network. The VPN user's IP address is from a different pool depending on which username they use to log in, as stated above.
Cisco ASA can support two OSPF processes. How do I keep the route distributions separate for each of the three networks connecting to the ASA? I believe I can keep two networks separate by running two processes? But how do I handle the third network? A different area within one of the OSPF processes? Or by using OSPF route filtering?
07-28-2022 12:10 PM
You can:
ASA - R/L3SW
In the R/L3SW, configure three static routes:
ip route VPN Pool 1 ASA
ip route VPN Pool 2 ASA
ip route VPN Pool 3 ASA
Then, if you run OSPF in the R/L3SW, redistribute the three static routes.
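The static-route-plus-redistribution approach from the reply above, worked out for two of the three networks as an added example (not from the original post). It uses Cisco IOS syntax and constructed addresses: pool A 10.10.1.0/24 behind an assumed ASA interface 192.0.2.1 in network A, pool B 10.10.2.0/24 behind an assumed ASA interface 198.51.100.1 in network B. Each router only carries a static route for its own pool, and the route-map stops any other static from being redistributed into that network's OSPF, which is what keeps the three route distributions separate.

```cisco
! ---- Router / L3 switch in network A (constructed example) ----
! Only network A's VPN pool may enter OSPF process 1.
ip prefix-list VPN-POOL-A seq 10 permit 10.10.1.0/24
!
route-map STATIC-TO-OSPF-A permit 10
 match ip address prefix-list VPN-POOL-A
route-map STATIC-TO-OSPF-A deny 20
!
! Static route for pool A, next hop = ASA interface facing network A
ip route 10.10.1.0 255.255.255.0 192.0.2.1
!
router ospf 1
 router-id 10.1.255.1
 redistribute static subnets route-map STATIC-TO-OSPF-A
 network 10.1.0.0 0.0.255.255 area 0
!
! ---- Router / L3 switch in network B (constructed example) ----
! Same pattern, but this device knows nothing about pool A or pool C.
ip prefix-list VPN-POOL-B seq 10 permit 10.10.2.0/24
!
route-map STATIC-TO-OSPF-B permit 10
 match ip address prefix-list VPN-POOL-B
route-map STATIC-TO-OSPF-B deny 20
!
ip route 10.10.2.0 255.255.255.0 198.51.100.1
!
router ospf 1
 router-id 10.2.255.1
 redistribute static subnets route-map STATIC-TO-OSPF-B
 network 10.2.0.0 0.0.255.255 area 0
```

Network C gets the same three blocks with its own pool and ASA next hop; the ASA itself needs no OSPF toward these networks, since the pools are local to it and each network is reached over the directly connected interface.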
07-29-2022 05:00 AM
For isolation, doing that with routing means you need to run a virtual network across your whole topology.
Try instead using an ACL to filter traffic between the VPN pools.
07-28-2022 04:06 PM
Hello
If FTD supports VRFs, then you can segregate the three networks so as to have them running within their own isolated RIB tables.
08-01-2022 12:59 PM
Thanks for the responses... I'll review this information and see what the best way to proceed is...