12-08-2015 07:58 AM - edited 03-05-2019 02:53 AM
Hey Guys,
I am thinking about getting EIGRP, I am starting to get a lot of static routes, but I have about 10 managed MPLS sites, and about 4 VPN sites.
2 3750X in data center acting as cores
2 ASA 5510 (8.2.5) active/standby
The core switches have the ASA as the default route, and have a route for the MPLS sites to be forwarded to the MPLS router.
What would be the best way to advertise the IPsec VPN static routes? Currently I am not using any routing protocol, I have 18 sites which are all either a VPN site or a managed MPLS site.
12-08-2015 08:22 AM
Hello Chad,
You can configure a dynamic routing protocol between the ASA and the core switches and use redistribution of static routes into EIGRP.
To run a dynamic routing protocol with the ASA, it should be running code 9.x or later.
Hope it helps.
-GI
Rate if it helps
12-08-2015 09:49 AM
Thanks, I have another question: my HQ wants me to route my 10.x.x.x network to their ASA, but my VPN sites did not like that. Would the alternative be to create a static route for my VPN sites to get routed to the outside interface automatically, instead of the default route?
12-09-2015 06:29 AM
Hello Chad,
I would recommend a default route only in the case where you have VPN termination in one DC and your encryption domain is a bit large and shared between customers.
We do have static routing for VPN subnets in our DCs because we are splitting VPN tunnels between DCs.
With a static route you actually control and know which remote site the subnet belongs to, and it is easy for troubleshooting at times.
Hope it helps.
-GI
Rate if it helps