Single route to external network through ASA and redistribute
OK, so we have a network where we do not default route through the ASAs to the internet, but set static routes for the few networks we need to connect to. We have a DMZ to handle all the external connectivity and users access the internet via a proxy filtering solution, so this is effective for us. The ASAs are the only devices with default routes to the internet side, like this: route outside 0 0 <next hop>
We would like to reduce some administration and redistribute these routes into our EIGRP process.
If I've got:
(bunch of other EIGRP devices)------------(router)---------------(layer3switch)---------(ASA) - - - - - - - - internet
                                        10.10.20.1              10.10.20.3            10.10.20.4
My internal network is 10.10.0.0 and I want a route to 188.8.131.52 to the internet via the ASA on all the network gear from the layer3switch to the rest of the inside gear. How do I effectively do that?
With the default route on the ASA (and NAT/ACL config), the ASA knows what to do with the traffic when it comes in on the internal interface.
If a static route is set on the layer3 switch and the route is redistributed, the ASA will also get the route from the routing protocol and attempt to send that incoming traffic to its own internal interface, causing what is essentially a hairpinning loop.
For example, from the ASA (this is 10.10.20.4 for this example):

D EX 184.108.40.206 255.255.255.255 [170/261120] via 10.10.20.3, 0:54:34, inside

From the layer3switch (this is 10.10.20.3):

220.127.116.11/32 is subnetted, 1 subnets
S    18.104.22.168 [1/0] via 10.10.20.4
Would I set a route on the ASA and redistribute from there? If so, what would that look like?
Do I filter the route to the ASA with a route map or some other mechanism on the layer3 switch?
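Both options asked about above, written out as an added configuration example. This is not part of the original post or any reply to it: the EIGRP process number (100), the ACL, route-map and prefix-list names, and the interface name Vlan20 are assumptions, and <next hop> is the same placeholder the post uses. The point of the filtering is the hairpin described above: the ASA must only ever hold the outside prefix pointing at its outside interface, never learn it back from the inside, and EIGRP must not run on the untrusted interface.

```text
! --- ASA (10.10.20.4) ----------------------------------------------------
! The default route stays where it is. Add an explicit static for the one
! prefix the inside should reach via the ASA, pointing at the outside gateway.
route outside 0.0.0.0 0.0.0.0 <next hop>
route outside 188.8.131.52 255.255.255.255 <next hop>

! Only prefixes listed here are redistributed. The default route is not,
! so the "no default route on the inside" design is preserved.
access-list OUTSIDE-PREFIXES standard permit host 188.8.131.52

route-map STATIC-TO-EIGRP permit 10
 match ip address OUTSIDE-PREFIXES

router eigrp 100
 network 10.10.20.0 255.255.255.0
 ! never form EIGRP neighbours or send updates on the internet side
 passive-interface outside
 redistribute static route-map STATIC-TO-EIGRP

! --- layer3switch (10.10.20.3) -------------------------------------------
! Option 1: drop the static that caused the hairpin. The /32 now arrives as
! an EIGRP external (D EX) from the ASA and flows to the rest of the inside.
no ip route 188.8.131.52 255.255.255.255 10.10.20.4

! Option 2 (instead of option 1): keep the static on the switch and keep
! redistributing it, but filter it out of updates sent towards the ASA.
! Vlan20 is an assumed name for the interface facing 10.10.20.4.
ip prefix-list NOT-TO-ASA seq 5 deny 188.8.131.52/32
ip prefix-list NOT-TO-ASA seq 10 permit 0.0.0.0/0 le 32
router eigrp 100
 distribute-list prefix NOT-TO-ASA out Vlan20
```

Whichever option is used, the check is the same: show route on the ASA should list the /32 only as a static via the outside interface, and no longer as "D EX ... via 10.10.20.3, inside". If the D EX entry is still present, the filter is not being applied on the link that actually carries the EIGRP adjacency to the ASA.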