ospf and statics

[stooo]

Hi

I have an pair of ASAs that learn a route on an internal interface through ospf. in the event of that network not being available, ospf looses the route, and the traffic should be sent out via an IPSEC tunnel (using default gateway).

The issue I have is there is a static used to pass traffic between the internal interface it learns the route from and the DMZ.

When the route is not available through OSPF I need to manually remove the static, otherwise it logs 'built local-host' on the intenal interface rather than outside.

Hope that makes sense? How can I overcome this?]

Thanks

 

[PScottC]

It sounds like you have a router and a firewall in the office. The PC's should point to the router as their gateway. The ASA should advertise the default route to the router through OSPF. Then, when the WAN link goes down the VPN will come up because the router will lose its routes and pass all traffic to the ASA. The interesting traffic passing the firewall will bring up the VPN.

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers