10-14-2013 01:36 AM - edited 03-07-2019 04:01 PM
Hi,
I have a scenario of a production environment, where ASA uses a (hsrp virtual) IP as default gateway. Since a recent upgrade, there are now two routers and in order for these to manage the routes to the ASA dynamically I need to replace their static routes for the internal network to the ASA with that of a routing protocol.
What I want to solve is:
1) Have ASA still only communicating with the VIP of the routers HSRP.
2) Let the route for 100.50.0.0/20, which goes via ASA, be dynamically added with a routing protocol to ensure that if router01 loses physical connection to Cisco ASA, then router01 knows it can go via router02 (and vice versa)
router01 (active): 100.50.0.1
router02: 100.50.0.2
cisco asa: 100.50.0.3
Inner network, 100.50.0.0/20, for which the both routers now have a static route towards the ASA.
I easily find OSPF documentation, but Im unsure how to implement this in a production environment without losing connectivity. I guess my question can be reduced to: Is it safe to follow a typical Cisco ASA OSPF documentation to add the route dynamically, and when done remove the static routes to accomodate for a convering network in the event of a failure?
Solved! Go to Solution.
10-18-2013 06:57 AM
I believe that you are correct in your further assessment of your requirements. And it seems to me that using OSPF and having layer 3 redundancy is better than HSRP and layer 2 redundancy.
HTH
Rick
10-18-2013 02:12 AM
I realize I didn't think it through. I think either have rely on hsrp and using static routes, or scrap hsrp and use ospf. It becomes a case of layer 2 OR layer 3 redundancy - not both.
10-18-2013 06:57 AM
I believe that you are correct in your further assessment of your requirements. And it seems to me that using OSPF and having layer 3 redundancy is better than HSRP and layer 2 redundancy.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide