Saturday, October 20, 2018

Routing Problem Between ASAs

I've got a routing problem between 2 ASAs. All the details are in the link below, with a diagram.

All devices are using static routing. The problem is that ASA1 routes a 200.0.0.0/24 towards ASA2. But every single IP in 200.0.0.0/24 isn't necessarily in use yet. But traffic is actually going to some of the addresses not in use (e.g. 200.0.0.65). This causes a routing loop between the ASAs. ASA2 ends up default routing back to ASA1, and ASA1 believes 200.0.0.65 exists via ASA2 because of the routed /24. The TTL doesn't expire and this traffic eventually blows the CPU. I need a way to blackhole traffic to destinations that don't exist on ASA2.

https://ibb.co/e7Y0mL
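
The loop described above, as an added example that is not part of the original post: a small Python model of the two static routing tables, showing longest-prefix match bouncing 200.0.0.65 between the ASAs and a discard route for the whole /24 on ASA2 stopping it. The in-use range 200.0.0.0/26 on ASA2, the table layout and the function names are assumptions, since the diagram is not reproduced here.

```python
import ipaddress

# Constructed static tables: prefix -> next hop ("connected" = delivered locally).
TABLES = {
    "ASA1": {"200.0.0.0/24": "ASA2"},            # whole /24 routed to ASA2
    "ASA2": {"0.0.0.0/0": "ASA1",                # default route back to ASA1
             "200.0.0.0/26": "connected"},       # assumed: only .0-.63 in use
}

def lookup(table, dst):
    """Longest-prefix match; returns the next hop, or 'drop' if nothing matches."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in table.items()
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else "drop"

def trace(tables, start, dst):
    """Follow the static routes hop by hop; returns (outcome, path)."""
    node, path = start, [start]
    while True:
        nxt = lookup(tables[node], dst)
        if nxt in ("connected", "drop"):
            return nxt, path
        if nxt in path:          # same device twice for one destination: loop
            return "loop", path + [nxt]
        if nxt not in tables:    # next hop outside the modelled devices
            return "exit", path + [nxt]
        path.append(nxt)
        node = nxt

def with_discard_route(tables):
    """Copy of the tables with a discard route for the covering /24 on ASA2.

    The more specific in-use prefix still wins the longest-prefix match, so
    only addresses with no better route fall through to the discard entry
    instead of the default route.
    """
    fixed = {name: dict(routes) for name, routes in tables.items()}
    fixed["ASA2"]["200.0.0.0/24"] = "drop"
    return fixed

if __name__ == "__main__":
    for label, tables in (("before", TABLES), ("after", with_discard_route(TABLES))):
        for dst in ("200.0.0.10", "200.0.0.65"):
            print(label, dst, *trace(tables, "ASA1", dst))
```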


