Hairpin Inet + Site to Site VPN + MPLS WAN + EIGRP scenario problem
I am trying to use our ASA pair at our main datacenter as the Internet hub for all our remote sites that hit it over our MPLS WAN as well as a site to site VPN hub hairpinning the Inet traffic. This is all dynamically routed using EIGRP and GRE tunnels.
For traffic destined for the Internet coming over the WAN to the datacenter it will go out the Internet link on the ASA. The ASA has a route on the inside interface for the remote sites /16 address. When that link fails though it still has the static route for the /16 on the inside interface so when our router sees the remote sites through the ASA with the site to site tunnel and not across the WAN the traffic will not route over that ASA.
I have tried to route the traffic on the ASA by having the identity NAT statement select the egress interface and then putting in another static for that same /16 on the outside interface with adminstrative distance of 2, but that is failing for me as well.
It seems that I am limited on the capabilities of the ASA. The only "solution" I can think of would be IP SLA on the ASA, but I'm hoping there's a more elegant way to do this.
Inviting all network professionals in operations! We'd like to understand what would be valuable for you in a mobile application. Your response will help Cisco improve a product feature that could benefit you. Thanks!
Click here to take the sur...
Cisco’s software-defined wide area network (SD-WAN) solution allows user to quickly and seamlessly establish an overlay fabric to connect an enterprise’s data centers, branch and campus locations, as well as colocation facilities in order to imp...
1. Log into CLI of DNAC:
ssh maglev@< DNAC appliance IP> -p 2222
2. Run this curl command to get token to get member id:
curl -X POST -u admin:<admin user password> -H -V https://<CLUSTER-IP>/api/system/v1/identitymgmt/token
Enterprise Switching Business Unit is glad to announce Beta release 16.12.2 for all Catalyst 9200/9300/9400/9500/9600 and Catalyst 3650/3850 Platforms. This release is made available to allow users to test, evaluate and share fee...
Purpose of the document
This document describes the general recommendations or best practices when designing and deploying the Cisco SD-Access technology. The document assumes that the reader has a general overview of Cisco's SD-Access for Distributed C...