How to EIGRP create & distribute a return route for L2L VPN traffic?

MicJameson1
VIP Alumni

Hello.

I need to create and EIGRP distribute a return route for L2L VPN traffic with remote tunnel destination 172.16.33.0/24.

It makes sense to source and distribute this route from the ASA that is the L2L endpoint.

The inside interface of the ASA is 172.16.1.5.

I decided to create a static route in the ASA, then redistribute it via EIGRP.

There is something basic I'm not understanding in the config, because I appreciate that here I'm trying to create a route that is not needed in the ASA itself. Behold output...

ASA1120(config)# route inside 172.16.33.0 255.255.255.0 172.16.1.5
ERROR: Invalid next hop address 172.16.1.5, it matches our IP address

My intent is to tell the LAN to send the packets to this ASA (so the ASA will send the packets over the tunnel). What is the best way to enable my intent of creating then EIGRP distributing a return route for L2L VPN traffic with remote destination 172.16.33.0?

Thank you.


Giuseppe Larosa
Hall of Fame

Hello @MicJameson1,

You can try to use a static route pointing to the external interface, the one with the crypto map applied, so that the static route provides the same path as the crypto map. Traffic will be encrypted.

A static route to inside does not look like the better choice, as it would route to the internal network.

Then you advertise the static route into EIGRP by using redistribute static + route map.

Hope to help

Giuseppe

I adjusted the route next hop to the IP address of the external interface of the ASA, but I receive the same error...

ERROR: Invalid next hop address 1.2.3.4, it matches our IP address

Accepted Solution

Hello @MicJameson1,

The next-hop must be the gateway on the external interface; this is the reason why you get the error. You need to specify the actual next-hop, and it cannot be the ASA address on the external interface.

By the way, if your ASA is injecting a default route into the EIGRP routing domain, you don't even need to add this specific route.

Hope to help

Giuseppe
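
The steps from the replies above, put together as an added ASA configuration example that is not part of any post in the thread. It assumes the external interface is named `outside` and uses constructed placeholders for the upstream gateway (192.0.2.1) and the EIGRP AS number (100); the ACL and route-map names are hypothetical.

```cisco
! Constructed values: 192.0.2.1 = upstream gateway reachable on the outside
! interface, 100 = EIGRP AS number. Replace both with your own.
!
! Rejected in the thread: the next hop is one of the ASA's own addresses.
!   route inside 172.16.33.0 255.255.255.0 172.16.1.5
!
! Static route out the interface that carries the crypto map,
! with the real gateway as next hop.
route outside 172.16.33.0 255.255.255.0 192.0.2.1
!
! Match only the remote tunnel network, so that no other static route
! on the ASA is leaked into the EIGRP domain.
access-list L2L-RETURN standard permit 172.16.33.0 255.255.255.0
route-map STATIC-TO-EIGRP permit 10
 match ip address L2L-RETURN
!
! Redistribute the filtered static route. The seed metric is
! bandwidth, delay, reliability, load, MTU.
router eigrp 100
 redistribute static metric 10000 100 255 1 1500 route-map STATIC-TO-EIGRP
!
! Verify on the ASA with "show route" and "show eigrp topology".
! On an inside EIGRP neighbor, 172.16.33.0/24 should appear as an
! EIGRP external route learned from the ASA.
```

As the last reply notes, none of this is needed if the ASA already injects a default route into EIGRP.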