I wonder if there is any possibility to form a neighborship between two ASAs over an IPsec site-to-site tunnel. The ASAs are named "office" and "DC" in the picture. In reality there are +40 subnets, and this is often subject to human error. The DC ASA often gets new routes to remote networks, either over L2L, physically connected, or otherwise routed. I now wonder if there is a possibility to run OSPF or EIGRP, or similar, across an L2L tunnel so that I would only have to add routing at the DC location, and of course proper access-lists, and those routes would propagate out to the office and possibly other branches.
After some googling, I think it seems not doable, at least with OSPF, but I'm not sure. I hope the picture makes more sense than my explanation.
My objective is, in short:
Be able to add or learn a route for the DC ASA, and have that propagated to the office, without tunneling everything or all RFC1918s (the office ASA does have other remote locations, so a generic RFC1918 object would not be suitable to the DC ASA).
Thanks in advance