cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
233
Views
0
Helpful
2
Replies
Highlighted
Beginner

Cisco ASA OSPF

Hi,

I have a scenario of a production environment, where ASA uses a (hsrp virtual) IP as default gateway. Since a recent upgrade, there are now two routers and in order for these to manage the routes to the ASA dynamically I need to replace their static routes for the internal network to the ASA with that of a routing protocol.

What I want to solve is:

1) Have ASA still only communicating with the VIP of the routers HSRP.

2) Let the route for 100.50.0.0/20, which goes via ASA, be dynamically added with a routing protocol to ensure that if router01 loses physical connection to Cisco ASA, then router01 knows it can go via router02 (and vice versa)

router01 (active): 100.50.0.1

router02:             100.50.0.2

cisco asa:           100.50.0.3

Inner network, 100.50.0.0/20, for which the both routers now have a static route towards the ASA.

I easily find OSPF documentation, but Im unsure how to implement this in a production environment without losing connectivity. I guess my question can be reduced to: Is it safe to follow a typical Cisco ASA OSPF documentation to add the route dynamically, and when done remove the static routes to accomodate for a convering network in the event of a failure?

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Master

Cisco ASA OSPF

I believe that you are correct in your further assessment of your requirements. And it seems to me that using OSPF and having layer 3 redundancy is better than HSRP and layer 2 redundancy.

HTH

Rick

HTH

Rick

View solution in original post

2 REPLIES 2
Beginner

Cisco ASA OSPF

I realize I didn't think it through. I think either have rely on hsrp and using static routes, or scrap hsrp and use ospf. It becomes a case of layer 2 OR layer 3 redundancy - not both.

Highlighted
Hall of Fame Master

Cisco ASA OSPF

I believe that you are correct in your further assessment of your requirements. And it seems to me that using OSPF and having layer 3 redundancy is better than HSRP and layer 2 redundancy.

HTH

Rick

HTH

Rick

View solution in original post

CreatePlease to create content
Content for Community-Ad