Newest Downloads

Mar.18

  [zenoss@zenoss2 ~]$ python Zenoss_Template_Manager.py -husage: Examples: python Zenoss_Templa...

Cisco ASA- Automatic Redistribute of VPN Static Routes
Networking HowTo's - Cisco HowTo's
Written by Keith Short   
Tuesday, 29 April 2008 10:14

When configuring an ASA for VPN tunnels I like to use the "Reverse Route Injection" feature. This feature automatically installs static routes to destinations defined in your Site-to-Site vpn profiles.

That makes it very easy to automatically inject routes to VPN sites into the routing protocol used on the internal network.

The way I've done it below is simple but powerful. Everytime a new Site-to-Site VPN comes up, the routes are automatically redistributed.

***Note - It was necessary to filter the default static route from the redistribution because it also points to the "outside" interface. The default static route is only for use in routing traffic that flows through this ASA. It must not be redistributed to the internal network.

Configuration:

access-list filter-default-static-route remark filter static default route from OSPF Redistribution
access-list filter-default-static-route standard deny host 0.0.0.0

route-map vpn-routes permit 10
match ip address filter-default-static-route

route-map vpn-routes permit 20
match interface outside
set metric-type type-2

router ospf 1
router-id 192.168.1.1
network 192.168.1.0 255.255.255.0 area 0
redistribute static subnets route-map vpn-route

....



Add this page to your favorite Social Bookmarking websites
Reddit! Del.icio.us! Mixx! Free and Open Source Software News Google! Live! Facebook! StumbleUpon! Yahoo! Free Joomla PHP extensions, software, information and tutorials.
Comments
Search RSS
Only registered users can write comments!

3.22 Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."

Last Updated on Friday, 16 May 2008 22:54