08-31-2021 09:10 AM
we have two VR
1. Default :
eth1/1 - 10.1.1.0/24 L3_LAN Zone
eth1/2 - 10.1.2.0/24 L3_DMZ zone
eth1/3 - internet
2.New_VR
tunnel interface tunnel.1_global protect tunnel
eth1/4 - Branch
Core ------- PA ------------------Branch router
We want to enable ospf in New_VR . As per requirement DMZ subnet of default VR and GP ip pool should redistribute via ospf to Branch router in New_VR
we found below solution :
1. There will be static route for DMZ subnet in New_VR.
so to reach DMZ subnet next hop will be "next VR" which is a default VR in our case.
So we can redistribute this static route using redistribution profile.
2. Tunnel interface will be connected in New_VR
So we can redistribute tunnel interface which is connected in new_VR
Have query on above solution :
1. static routes will be with next hop as "next VR' , will it work ?
2. There is no route for GP ip pool and no ip-address we mention on tunnel interface of global protect . if select tunnel interface in
redistribution profile , gp ip pool will redistribute ?
3. Does firewall by default redistribute routes of another VR if we configure redistribution profile ? Cause after configuring redistribution profile in New_VR for its tunnel interface and DMZ static route , it should not redistribute subnet of Default VR .Otherwise it will be impact for us.
