[c-nsp] ASA / EIGRP / Redundant Interfaces

Rick Burts r.burts at earthlink.net
Tue Jun 2 21:17:23 EDT 2009


It seems to me that an offset list applied outbound
on one of the routers could make its routes less
attractive than the routes from the other router.
This should give you 1 primary set of routes and 1
backup set of routes. And does not require any
special configuration on the ASA.

HTH

Rick

Jason Link wrote:
> Maybe that's the best option here.  I can't seem to find any other way to do it cleanly.
> 
> Thanks!
> 
> 
> -----Original Message-----
> From: Peter Rathlev <peter at rathlev.dk>
> Sent: Thursday, April 30, 2009 11:52 AM
> To: Jason Link <Jason.Link at whgroup.com>
> Cc: Cisco-nsp <cisco-nsp at puck.nether.net>
> Subject: RE: [c-nsp] ASA / EIGRP / Redundant Interfaces
> 
> On Thu, 2009-04-30 at 11:39 -0500, Jason Link wrote:
>> Additionally, I'm not sure HSRP would help me in a situation like this,
>> since the way I understand it the ASA will still learn both routers
>> "real" IP address and will form a neighbor to each one.  I would like to
>> avoid calling out the neighbor specifically, if I can help it.
> 
> Yes of course, if the ASA has to do EIGRP my suggestion is irrelevant. I
> overlooked that somewhat since I'm not used to thinking about having
> firewalls do dynamic routing. :-)
> 
> The HSRP thing would of course be with the ASA not participating in the
> EIGRP. On the ASA side you would use static routes pointing at the HSRP
> IP. On the router side you would use static routes pointing at the ASA
> primary IP.
> 
> Regards,
> Peter
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 



More information about the cisco-nsp mailing list