07-18-2024 02:22 AM
Hello Team,
I have a network as below.
The ASA peers with the ISP using BGP.
There's OSPF for downstream and upstream routing.
There is NATting on the ASA public interface to the FTD 40.18 interface, with 4500, 500 services.
Is it possible to use this FTD's 40.18 interface to peer with a remote site to form a site-to-site VPN?
Your support will be appreciated.
Thank you.
07-23-2024 05:22 AM
Seems there was no need for process ID 2.
I think I was adding it wrongly.
The core SW now seems to learn the VPN remote subnet without dropping; will monitor and update here.
11 mins and counting; before, it would reset before this time.
Thank you, will update how it goes.
07-23-2024 05:46 AM
I am sure it will be stable.
Update me if something else appears.
Good luck
Have a nice summer
MHM
07-23-2024 05:57 AM
Something came up.
It seems the VPN comes up when I have a default route with the next hop as the Cisco ASA?
Why would this be so, when I have OSPF between the ASA and the FTD, as on the diagram?
Without the default route, I realize once I capture traffic that traffic gets to the outside interface of the FTD, i.e. 40.18, but there is no response. So when I reactivate the default route, there is a response and the VPN comes up.
What am I missing? I wanted to reduce static routing on the network.
07-25-2024 02:53 PM
So this issue is closed; OSPF redistributes static route now.
Please close it and open another one.
Thanks
MHM
07-22-2024 07:44 AM
Worked for a moment then stopped;
no change made between working and not working.
07-22-2024 07:45 AM
07-23-2024 01:32 AM
This is from the core.
So it's on and off.
What would cause this? The tunnel being up and down, or is it tied to routing issues between the FTD and the core?