02-16-2019 05:32 AM - edited 02-16-2019 05:33 AM
Hi there!
I need to run OSPF over site-to-site IPsec tunnel on ASA.
basically I have HQ, and 3 branches that need to be connected to the HQ via site-to-site and most importantly to run OSPF over the IPsec tunnel instead of default route.
HQ :ASA5525 Version 9.6(3)1
BR1: ASA5515 Version 9.9(2)
BR2: ASA5525 Version 9.2(2)4
BR3: ASA5516 Version 9.8(2)
I've read some article that only BGP is supported over VTI for ASA v9.8.
I will appreciate if someone can help me out.
Thanks!
02-16-2019 05:43 AM
02-16-2019 06:03 AM - edited 02-16-2019 06:06 AM
Thanks for the reply, if I don't use VTI (just Poily-based VPN) and configure OSPF on ASA (on HQ and all branches), will the branches be part of HQ's OSPF domain?
02-16-2019 06:15 AM
See this link, you can define ospf as non-broadcast and statically define the neighbor.
HTH
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide