Re: Configuring multiple neighbors for OSPF on ASA

baskervi · ‎12-22-2010

I understand that the ASA's interfaces can only be configured as a point-to-point link for OSPF. When we were on the phone with Cisco, the engineer said to run multiple OSPF areas and we should be good. It doesn't matter if I create mulitple areas or multiple OSPF process IDs, I simply can't create another neighbor as the following error shows up:

ERROR: Only one neighbor allowed on point-to-point interfaces

Is there any possible way to get this working?

Thanks

jgraafmans · ‎12-22-2010

You can configure an interface as point-to-point or leave it to the default which is broadcast. If you leave it to the default it will automatically form neighbors with all other OSPF routers in that network.

baskervi · ‎12-22-2010

But leaving this off will keep an adjacency from forming over a VPN tunnel, correct?

baskervi · ‎12-22-2010

We opened a TAC case for this, and the engineer tried to mock this up and wasn't successful. I presume it can't be done until the features in the firmware are added.

dylan.webb · ‎10-29-2012

Hi,

Has any progress been made with this scenario - is there a way to have multiple OSPF neighbour adjacency’s over multiple IPSEC VPNs?

I have a requirement to have multiple VPNs between multiple ASAs and an IGP running between them over the VPNs, is this still not possible with the ASAs using OSPF? If not can, you suggest any other feasible solutions.

Thanks

JamesVPN123 · ‎11-17-2012

Hi Dylan,

Did you get anywhere with mutliple OSPF neighbors over an IPSEC tunnel?

Now ASA9.0 supports site to site VPNs and OSPFv2 in multiple contexts, could cascading two contexts work?

James.