Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
258
Views
5
Helpful
3
Replies

Implementing EIGRP on ASA

Chad Campbell
Level 1
Level 1

‎12-08-2015 07:58 AM - edited ‎03-05-2019 02:53 AM

Hey Guys,

I am thinking about gettng EIGRP, I am starting to get a lot of static routes, but I have about 10 managed MPLS sites, and about 4 VPN sites.

2 3750X in data center acting as cores
2 ASA 5510 (8.2.5) active/standby

The core switches has the ASA as the default route, and has a route for the MPLS sites to be forwarded to the MPLS router.

What would be the best way to advertise the ipsec VPN static routes? Currently I am not using any routing protocol, I have 18 sites which are all either a VPN site or a managed MPLS site.

Labels:
0 Helpful
3 Replies 3

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎12-08-2015 08:22 AM

Hello Chad,

You can configure dynamic routing protocol between ASA and core switches and use redistribution of stic route into EIGRP. 

EIGRP with ASA

To run dynamic routing protocol with ASA, it shoudl be running code 9.x or later.

Hope it Helpss.

-GI

Rate if it Helpss

0 Helpful

Chad Campbell
Level 1
Level 1

‎12-08-2015 09:49 AM

Thanks, I have another question, my HQ want me to route my 10.x.x.x network to there ASA, but my VPN sites did not like that, would the alternative be to create a static route for my VPN sites to get routed to the outside interface automatically, instead of the default route?

0 Helpful

Ganesh Hariharan
VIP Alumni
VIP Alumni
In response to Chad Campbell

‎12-09-2015 06:29 AM

Hello Chad,

I would recommend default route only in  case where you have VPN termination in one DC and your encryption domain is bit large which is shared between customer.

we do have static routing for vpn subnet in our DC's because we are splitting VPN tunnel between DC's.

With static route you actually control and knows which remote site the subnet belongs and easy for troubleshooting at times.

Hope it Helps..

-GI

Rate if it Helpss

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card