Hello!
I have SRX240H2.
There is virtual router instanse:
root# show routing-instances
to-asa {
instance-type virtual-router;
interface ge-0/0/0.0;
routing-options {
interface-routes {
rib-group inet fbf-group;
}
static {
route 0.0.0.0/0 next-hop 10.16.1.1;
}
}
protocols {
ospf {
rib-group ri-asa_to_ri-inet0;
export export-routes-to-asa;
area 0.0.0.0 {
interface ge-0/0/0.0 {
interface-type p2p;
}
}
}
}
}
I imported direct and ospf routes from inet.0 to this vr:
root# show routing-options
interface-routes {
rib-group inet fbf-group;
}
root# show protocols
ospf {
rib-group fbf-group;
export export-ospf;
area 0.0.0.0 {
interface ge-0/0/2.0 {
passive;
}
interface ge-0/0/1.0;
}
}
The problem is that the OSPF and direct routes imported from the main inet.0 are not transferred via OSPF to the ASA device.
I found a solution, but I'm not sure it is correct:
policy-statement export-routes-to-asa {
term routers-to-asa-1 {
from protocol [ direct ospf ];
then accept;
}
}
Is this the right decision?
I thought that the OSPF protocol by default transfer the OSPF routes from the routing table to its neighbors.