Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
124
Views
0
Helpful
1
Replies

Need help resolving routing with Cisco ASA to ASR with Fortiswitch

jroy777
Level 1
Level 1

‎11-07-2025 11:36 AM

FortiSwitch-AWS-DC-Switch-vlan-Diagram-110525-UPDATED.png

We have a working design with Cisco ASA and Fortiswitch connecting to Cisco ASR1001 router up to AWS. The ASR uses BGP to talk to AWS and we redistribute OSPF/BGP (Which way is right?). At the moment It works and we have traffic flowing. We have introduced another backup secondary path also to AWS. We are now trying to resolve routing between ASA, Fortiswitch L3 (Licensed for BGP) with eliminating an additional ASR in the design because Cisco is not offering any support contract!!! I am trying get the second circuit talking with 2nd Fortiswitch and ASA.

We can get from AWS all the way down to Fortiswitch vlan interfaces but traffic does not seem to arrive on subnet the ASA is attached to. See drawing. The ASA cannot ping the Fortiswitch and Vice versa.


0 Helpful
1 Reply 1

jroy777
Level 1
Level 1

‎11-07-2025 11:55 AM

Does this look correct?

router ospf 1
router-id 1.1.1.1
redistribute bgp 64514 subnets
!
router bgp 64514
bgp log-neighbor-changes
neighbor 169.254.96.25 remote-as 64512
neighbor 169.254.96.25 password xxxxxxx
!
address-family ipv4
network 169.254.96.24 mask 255.255.255.248
redistribute ospf 1
neighbor 169.254.96.25 activate
exit-address-family

Both paths use the same AS 64512 on the AWS side, can this cause problems?

0 Helpful
Customers Also Viewed These Support Documents