ASA iBGP Peering Question

jmeggers
Level 1

First time working with BGP on the ASA, and I don't know if there are any unusual characteristics on the ASA versus in IOS. I have a main internet gateway with two border routers to different ISPs on the outside of an ASA FO pair, and a disaster recovery site that also has a single ISP connection with an ASA (FO pair) and a border router. Planning on running iBGP among the border routers and the ASAs to choose a path, and to redistribute default routes into our IGP. In IOS, I would peer iBGP using loopback addresses, but loopbacks are not supported on the ASA. So I'll have to peer directly to interfaces on the ASA, which means the iBGP connections will be on different interfaces for the same AS. Mainly, I just want to make sure this will not cause any issues. I don't see anything in documentation that indicates it would, but I'd like to make sure. Thanks for any information or suggestions.  

 

2 Replies

Reza Sharifi
Hall of Fame

How about BGP between the border routers and static routes between the firewalls and the border router? This would eliminate running BGP on the firewalls.

HTH

The goal is to get a default route from the ISP into EIGRP. If both primary ISPs go away, so does the default route, and the default from the DR site will be preferable. The ASA apparently doesn't support running more than one EIGRP process, so that means I'd have to run an OSPF process among the border routers and the ASA and then redistribute that. If I'm going to do that, I figure I might as well just run iBGP and get the default that way. 

One of the challenges is going to be getting peering among all the devices, dealing with NAT, etc. I was thinking how it would be nice if the ASA could be a route-reflector but it doesn't look like that function is supported.
