ASA not advertising routes

Colin Higgins
Level 2

I have an ASA 5510 that is configured for a remote access VPN.

When users log in, they are given an address from a locally defined pool (172.16.101.1-254 /24). Users can log in fine.

I have enabled EIGRP on the ASA and I have configured the following to be advertised:

1. 0.0.0.0 (default)

2. 172.16.100.0 /24 (dmz network)

3. 172.16.101.0 /24 (vpn pool)

I have also enabled reverse-route injection.

The problem I am having is that the VPN pool network is not being advertised via EIGRP, but the other networks are.

The other issue I am having is that even though I have created access-lists that allow the inside network (10.0.0.0) to ping the DMZ interface (172.16.101.1) on the ASA, the ASA is not allowing it. I have also created an ACL that allows the DMZ interface to ping inside, but this fails as well.

Any advice would be great (I opened a similar question in the routing section, but this looks like a better place for it).

1 Reply

Hi Colin,

For the issue of the ASA not redistributing the VPN pool, did you create a static route and redistribute static under EIGRP?

For the other issue:
You can only PING an interface that is directly connected. This means:
From inside you can only PING the inside interface.
From DMZ you can only PING the DMZ interface.
You can never PING the DMZ interface from the inside (it is just the ASA structure).

Hope it helps.

Federico.