11-07-2025 11:36 AM
We have a working design with a Cisco ASA and Fortiswitch connecting to a Cisco ASR1001 router up to AWS. The ASR uses BGP to talk to AWS and we redistribute OSPF/BGP (which way is right?). At the moment it works and we have traffic flowing. We have introduced another backup secondary path, also to AWS. We are now trying to resolve routing between the ASA and the Fortiswitch L3 (licensed for BGP) while eliminating the additional ASR from the design, because Cisco is not offering any support contract!!! I am trying to get the second circuit talking with the 2nd Fortiswitch and ASA.
We can get from AWS all the way down to the Fortiswitch VLAN interfaces, but traffic does not seem to arrive on the subnet the ASA is attached to. See drawing. The ASA cannot ping the Fortiswitch and vice versa.
11-07-2025 11:55 AM
Does this look correct?
router ospf 1
 router-id 1.1.1.1
 ! routes learned from the AWS BGP peer become OSPF external routes
 redistribute bgp 64514 subnets
!
router bgp 64514
 bgp log-neighbor-changes
 ! AWS peer on the tunnel /29, remote AS 64512, MD5-authenticated session
 neighbor 169.254.96.25 remote-as 64512
 neighbor 169.254.96.25 password xxxxxxx
 !
 address-family ipv4
  ! originate the tunnel subnet and everything OSPF knows toward AWS
  network 169.254.96.24 mask 255.255.255.248
  redistribute ospf 1
  neighbor 169.254.96.25 activate
 exit-address-family
Both paths use the same AS 64512 on the AWS side; can this cause problems?
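The configuration above redistributes in both directions with no filtering, so a prefix learned from AWS on one router can be handed to OSPF, picked up by the second router's redistribute ospf, and re-originated toward AWS as if it were a local route. The following is an added example (not configuration from the thread or from either router) showing the usual guard: tag what comes in from BGP and refuse to send anything with that tag back out. AS numbers match the thread; the tag value, the LOCAL-NETS prefix-list and the 10.0.0.0/8 range it permits are assumptions.

```cisco
! Added example, not from the original post. Mutual OSPF <-> BGP
! redistribution with a loop guard: AWS-learned routes are tagged on
! the way into OSPF and denied on the way back into BGP. Tag value,
! prefix-list name and the 10.0.0.0/8 local range are assumed.
!
route-map BGP-TO-OSPF permit 10
 ! mark every route that originated from the AWS peer
 set tag 64512
!
route-map OSPF-TO-BGP deny 10
 ! never re-originate an AWS-learned route back toward AWS
 match tag 64512
route-map OSPF-TO-BGP permit 20
 ! only prefixes we actually own may be advertised to AWS
 match ip address prefix-list LOCAL-NETS
!
ip prefix-list LOCAL-NETS seq 5 permit 10.0.0.0/8 le 24
!
router ospf 1
 router-id 1.1.1.1
 redistribute bgp 64514 subnets route-map BGP-TO-OSPF
!
router bgp 64514
 bgp log-neighbor-changes
 neighbor 169.254.96.25 remote-as 64512
 neighbor 169.254.96.25 password xxxxxxx
 !
 address-family ipv4
  network 169.254.96.24 mask 255.255.255.248
  redistribute ospf 1 route-map OSPF-TO-BGP
  neighbor 169.254.96.25 activate
 exit-address-family
```

Apply the same pair of route-maps on every device that redistributes between the two protocols, including the Fortiswitch once it takes over the second circuit, since the loop only needs one unguarded redistribution point. Note that on IOS a bare redistribute ospf 1 under BGP picks up OSPF internal routes only; external routes are included only if match external is added, which is exactly when the tag deny above starts to matter. Check the result with show ip bgp and show ip ospf database external on both routers: AWS prefixes should appear in OSPF with tag 64512 and should not appear in the BGP table as locally originated (origin i, empty AS path) on the second router.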
11-10-2025 02:11 AM
Hello @jroy777,
>> The ASA cannot ping the Fortiswitch and vice versa.
Focus on this.
Have you configured a name with nameif on the ASA interface to the second Fortiswitch?
Do they have distinct IP addresses in the same IP subnet?
Hope to help,
Giuseppe
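Both of Giuseppe's questions map to a small piece of ASA configuration and a few show commands. The block below is an added example (not configuration from the thread or from the poster's ASA); the interface name, nameif, subnet and the Fortiswitch address 10.20.0.2 are assumptions chosen to illustrate the checks.

```cisco
! Added example, not from the original post. ASA side of the link to the
! second Fortiswitch. Interface, nameif, subnet and peer address are assumed.
! An ASA interface passes no traffic at all until it has a nameif,
! a security-level and an address in the same subnet as its peer.
interface GigabitEthernet0/1
 description link to Fortiswitch-2 VLAN interface
 nameif fsw2
 security-level 100
 ip address 10.20.0.1 255.255.255.0
 no shutdown
!
! ICMP to the ASA's own interface is allowed by default; if any icmp
! rules exist, the first deny wins, so add an explicit permit for the link.
icmp permit 10.20.0.0 255.255.255.0 fsw2
!
! Verification from exec mode:
!   show interface ip brief   -> fsw2 must show up/up with 10.20.0.1
!   show arp                  -> an entry for 10.20.0.2 proves the L2 path works
!   ping fsw2 10.20.0.2       -> Fortiswitch VLAN interface (assumed .2)
!   packet-tracer input fsw2 icmp 10.20.0.1 8 0 10.20.0.2
```

If show arp never learns the Fortiswitch address, the problem is below L3 (VLAN tagging or membership on the switch port); if ARP resolves but the ping still fails, check the Fortiswitch VLAN interface permits ping and that its address is in the same /24 as the ASA.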