[c-nsp] ASA vs ISR ZBFW
Nick Hilliard
nick at foobar.org
Fri Sep 9 13:16:31 EDT 2011
On 09/09/2011 16:51, Colin Whittaker wrote:
> This exact limitation is why everytime I deploy firewalls these days
> there tends to be some form of L3 switch on either side just so I have
> something to run BGP on and just do eBGP multihop across the ASA.
i'm tending to run a local ospf instance on the fw-router link and then
redistributing from ospf->bgp on the next-hop router. Really it would be
much better to have fw support for bgp, but the ASA is such an enterprise
box that they don't understand why there might be an advantage to using
anything other than eigrp. sigh.
Nick
More information about the cisco-nsp
mailing list