https://community.cisco.com/t5/network-security/asa-default-route-acl-and-default-route-redistributing-default/m-p/1560653#M608634 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I am looking into this at this point, Normally what you would do is to redistribute the whole protocol and filter. The ACL is not wrong, it is created as an standard ACL and what it is telling the ASA is not to redistribute only the default route, but you are telling him to redistribute everything.</P><P></P><P>Let me get back to you.</P><P></P><P>Mike</P></BODY></HTML> Thu, 21 Oct 2010 01:25:36 GMT Maykol Rojas 2010-10-21T01:25:36Z https://community.cisco.com/t5/network-security/asa-default-route-acl-and-default-route-redistributing-default/m-p/1560652#M608633 <P>I'm trying to release a default route learned via OSPF&nbsp; into EIGRP in an ASA running version 8.2.2. my config is</P><P></P><P>router eigrp 1<BR />redist ospf 1 metric 10000 100 100 100 1500 route-map STATIC</P><P></P><P></P><P>access-list DEFAULT permit 0.0.0.0 0.0.0.0</P><P></P><P>route-map STATIC permit 10<BR /> match ip address DEFAULT</P><P></P><P>however, my upstream eigrp neig peering with the ASA seem to see all my other routes beside the default route. I can filter it out by putting a deny lines ahead fo the permit 0.0.0.0 of course but wondering am I writing to ACL correctly ?</P><P></P><P>on a side note, if try to use this config instead, I don't see the default route on my upstream eigrp neig at all.</P><P></P><P>router eigrp 1</P><P>default-information out DEFAULT</P><P></P><P>access-list DEFAULT permit 0.0.0.0 0.0.0.0</P><P></P><P>route-map STATIC permit 10<BR /> match ip address DEFAULT</P><P></P><P>Thanks</P> Mon, 11 Mar 2019 18:57:43 GMT https://community.cisco.com/t5/network-security/asa-default-route-acl-and-default-route-redistributing-default/m-p/1560652#M608633 kwanm63my 2019-03-11T18:57:43Z https://community.cisco.com/t5/network-security/asa-default-route-acl-and-default-route-redistributing-default/m-p/1560653#M608634 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I am looking into this at this point, Normally what you would do is to redistribute the whole protocol and filter. The ACL is not wrong, it is created as an standard ACL and what it is telling the ASA is not to redistribute only the default route, but you are telling him to redistribute everything.</P><P></P><P>Let me get back to you.</P><P></P><P>Mike</P></BODY></HTML> Thu, 21 Oct 2010 01:25:36 GMT https://community.cisco.com/t5/network-security/asa-default-route-acl-and-default-route-redistributing-default/m-p/1560653#M608634 Maykol Rojas 2010-10-21T01:25:36Z https://community.cisco.com/t5/network-security/asa-default-route-acl-and-default-route-redistributing-default/m-p/1560654#M608635 <HTML><HEAD></HEAD><BODY><P>sounds like 2 things ?</P><P></P><P>1) you have to redistribute the 'ENTIRE' protocol in a ASA....</P><P></P><P>2) that's not how you write a 'default route' only ACL unlike a router ACL...</P></BODY></HTML> Thu, 21 Oct 2010 02:23:18 GMT https://community.cisco.com/t5/network-security/asa-default-route-acl-and-default-route-redistributing-default/m-p/1560654#M608635 kwanm63 2010-10-21T02:23:18Z https://community.cisco.com/t5/network-security/asa-default-route-acl-and-default-route-redistributing-default/m-p/1560655#M608636 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Thanks for replying. I dont understand your last post. If you use that ACL you mention in the first post it is going to redistribute all routes.</P><P></P><P>If you can be more specific on what you tried to say it would be great.</P><P></P><P>Thanks</P><P></P><P>Mike</P></BODY></HTML> Thu, 21 Oct 2010 02:27:34 GMT https://community.cisco.com/t5/network-security/asa-default-route-acl-and-default-route-redistributing-default/m-p/1560655#M608636 Maykol Rojas 2010-10-21T02:27:34Z https://community.cisco.com/t5/network-security/asa-default-route-acl-and-default-route-redistributing-default/m-p/1560656#M608637 <HTML><HEAD></HEAD><BODY><P>sorry MIke, Let's me just ask this for now.. I'm&nbsp; really more of a routing /switching guy so I'm usually thinking from that perspective.</P><P></P><P>Is there a way to write a default route only acl in a ASA ? In a router you can just do an acl or prefix-list to advertise a default route as follows..</P><P></P><P></P><P>ip prefix-list DEFAULT-ONLY seq 10 permit 0.0.0.0/0</P><P></P><P>router eigrp 1</P><P> distribute-list prefix DEFAULT-ONLY out FastEthernet0/0</P><P></P><P></P><P>or</P><P></P><P>ip access-list standard DEFAULT<BR /> permit 0.0.0.0</P><P></P><P>router eigrp 1</P><P>distribute-list DEFAULT&nbsp; out fa0/0</P><P></P><P>so I was following the same logic, if I can write a default route only acl.. when I redistribute the protocol, then by using the acl, I will only redistribute the default route only...</P><P></P><P>Hope I'm more clear ..</P></BODY></HTML> Thu, 21 Oct 2010 02:36:43 GMT https://community.cisco.com/t5/network-security/asa-default-route-acl-and-default-route-redistributing-default/m-p/1560656#M608637 kwanm63 2010-10-21T02:36:43Z https://community.cisco.com/t5/network-security/asa-default-route-acl-and-default-route-redistributing-default/m-p/1560657#M608638 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>Great! Thanks a lot for the clarification, you are totally right...I tried your setup really quickly and the ASAgrabbed&nbsp; that statement for 0.0.0.0 0.0.0.0 as everything instead of the default route :S</P><P></P><P>I guess as a workaround you can create the default route on the ASA that will be doing the redistribution and if that is the only route, do the redistribute static.Or the other option would be just redistribute everything and filter on the receiving end.</P><P></P><P>Hope it helps.</P><P></P><P>Cheers</P><P></P><P>Mike</P></BODY></HTML> Thu, 21 Oct 2010 03:13:48 GMT https://community.cisco.com/t5/network-security/asa-default-route-acl-and-default-route-redistributing-default/m-p/1560657#M608638 Maykol Rojas 2010-10-21T03:13:48Z https://community.cisco.com/t5/network-security/asa-default-route-acl-and-default-route-redistributing-default/m-p/1560658#M608639 <HTML><HEAD></HEAD><BODY><P><SPAN style="background-color: #f8fafd;">unfortunally, I'm learning that defalt route via ospf so it will have to be a redistribute option. Luckily, it 's only 2&nbsp; routes so filtering is an option.. However, if I had more routes , I can imagine how annoying it can be.&nbsp; But believe it or not, I have another site in which my ASA has a static default route and even just doing a "redistribute static metric x x x x&nbsp; x&nbsp; route-map DEFAULT"&nbsp;&nbsp; only configuration into eigrp, it STILL redistributes ALL routes..</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">the route-map DEFAULT references an acl which again is&nbsp;&nbsp; "access-list DEFAULT standard permit any" ..</SPAN></P><P></P><P><SPAN style="background-color: #f8fafd;">. I think it's just an ASA thing....</SPAN></P></BODY></HTML> Thu, 21 Oct 2010 03:28:05 GMT https://community.cisco.com/t5/network-security/asa-default-route-acl-and-default-route-redistributing-default/m-p/1560658#M608639 kwanm63 2010-10-21T03:28:05Z https://community.cisco.com/t5/network-security/asa-default-route-acl-and-default-route-redistributing-default/m-p/1560659#M608640 <HTML><HEAD></HEAD><BODY><P>Exactly,</P><P></P><P>Remember that the ASA with take all 0's as everything, it will not try to take the default route that he learned, he will redistribute everything. I tried with several versions and the same thing happened. </P><P></P><P>I guess filters will be the way to go.</P><P></P><P>Anything else just let me know.</P><P></P><P>Thanks!</P><P></P><P>Mike</P></BODY></HTML> Thu, 21 Oct 2010 03:36:34 GMT https://community.cisco.com/t5/network-security/asa-default-route-acl-and-default-route-redistributing-default/m-p/1560659#M608640 Maykol Rojas 2010-10-21T03:36:34Z