Tuesday, December 22, 2020

Advertising remote office subnet via IPSEC VPN route into BGP

I have a remote office that we have an IPSEC VPN tunnel to that allows that office to get DNS/AD auths from back at the central office. This tunnel is between (2) ASAs.

On the Central office ASA I also have a Layer 2 dark fiber that we run BGP over for us to access our Cloud infras.

In our cloud infra I need this remote office to be able to reach some of the apps we have spun up. To get the remote office route into BGP I have to run a route inside 192.168.200.0 255.255.255.0 10.0.0.1 which is a router below the ASA. This gives me a routing loop when I try to reach stuff on the remote side since it goes down to the router and then the default on that router is to kick it back to the ASA.

I am wondering what would be the best way to advertise this remote IPsec VPN subnet into BGP without affecting connectivity in either direction.

I dropped in a route null0 192.168.200.0 255.255.255.0 1 and that seemed to timeout my pings to the switch on the remote office side.

Wondering if I should try the below in the BGP config

aggregate-address 192.168.200.0 255.255.255.0 summary-only

Will that statement advertise the remote network into bgp and keep it up and running for connectivity between the remote and central office? Thanks in advance for any help here.
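The following ASA configuration fragment is an added illustration, not part of the original post: it contrasts the two static routes the post describes (the inside route that loops and the Null0 route that black-holes VPN traffic) with one way of getting the prefix into the routing table so BGP can originate it. It assumes the tunnel terminates on an interface named outside, uses OUTSIDE_NEXT_HOP and AS 65000 as placeholders, and assumes the crypto map already covers 192.168.200.0/24.

```cisco
! Added example, not the poster's configuration. Placeholders: OUTSIDE_NEXT_HOP
! (the ISP gateway on the outside interface) and BGP AS 65000.

! --- The route from the post that loops ---
! VPN-bound traffic is handed to the inside router, whose default route sends
! it straight back to the ASA, so it never reaches the crypto map.
route inside 192.168.200.0 255.255.255.0 10.0.0.1 1

! --- The Null0 route from the post ---
! With distance 1 it is preferred and drops the traffic before encryption,
! which matches the timed-out pings to the remote switch.
route Null0 192.168.200.0 255.255.255.0 1

! --- One corrected approach ---
! Send the prefix out the interface the tunnel uses so packets still hit the
! crypto map, and give the ASA a routing-table entry that BGP can originate.
no route inside 192.168.200.0 255.255.255.0 10.0.0.1 1
no route Null0 192.168.200.0 255.255.255.0 1
route outside 192.168.200.0 255.255.255.0 OUTSIDE_NEXT_HOP 1

router bgp 65000
 address-family ipv4 unicast
  ! network only advertises a prefix that is present in the routing table
  network 192.168.200.0 mask 255.255.255.0
 exit-address-family

! --- Checks after the change ---
! show route 192.168.200.0     -> expect the outside route, not inside or Null0
! show bgp ipv4 unicast        -> expect 192.168.200.0/24 originated locally
! show crypto ipsec sa         -> encaps/decaps counters should keep increasing
```

An aggregate-address with summary-only only generates the summary when a contributing more-specific route is already in the BGP table, so on its own it does not replace the missing routing-table entry.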


