No Account Yet?

You are not logged in.

Add to: JBookmarks Add to: Facebook Add to: Windows Live Add to: Digg Add to: Del.icoi.us Add to: Reddit Add to: StumbleUpon Add to: Slashdot Add to: Netscape Add to: Furl Add to: Yahoo Add to: Blogmarks Add to: Technorati Add to: Newsvine Add to: Google Information
Cisco ASA- Automatic Redistribute of VPN Static Routes E-mail
Networking HowTo's - Cisco HowTo's
Written by Keith Short   
Tuesday, 29 April 2008 10:14

When configuring an ASA for VPN tunnels I like to use the "Reverse Route Injection" feature. This feature automatically installs static routes to destinations defined in your Site-to-Site vpn profiles.

That makes it very easy to automatically inject routes to VPN sites into the routing protocol used on the internal network.

The way I've done it below is simple but powerful. Everytime a new Site-to-Site VPN comes up, the routes are automatically redistributed.

***Note - It was necessary to filter the default static route from the redistribution because it also points to the "outside" interface. The default static route is only for use in routing traffic that flows through this ASA. It must not be redistributed to the internal network.

Configuration:

access-list filter-default-static-route remark filter static default route from OSPF Redistribution
access-list filter-default-static-route standard deny host 0.0.0.0

route-map vpn-routes permit 10
match ip address filter-default-static-route

route-map vpn-routes permit 20
match interface outside
set metric-type type-2

router ospf 1
router-id 192.168.1.1
network 192.168.1.0 255.255.255.0 area 0
redistribute static subnets route-map vpn-route

....

Comments
Search RSS
Only registered users can write comments!

3.22 Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."

Last Updated ( Friday, 16 May 2008 22:54 )