Hey all, I want to use BGP to multi-home an ASA that is to be configured as a P2P IPSec head-end. The eBGP stuff is trivial, but what I’m not sure of is how to anchor a /32 that is to be used as the IPSec destination IP that the remote tunnels will point to. Last I looked, ASA didn’t support the concept of a loopback interface, and my review of VTI seems to suggest that it requires a VTI on both sides, which is a non-starter here because I don’t control the clients that will be connecting to this head-end.
Come to think of it, thinking aloud, if I recall (it’s been a long time since I’ve touched an ASA) creating a NAT entry with reverse-route injection enabled will inject the IP attached to that NAT entry into the ASA routing table, so I guess that should in turn get advertised at that point, so that could be used by the remote tunnels as the head-end IP? Does that sound familiar to anyone as something that may work? If not, anything else that may do what I’m after? Thanks!
