Since passive interface is not supported on ASA, is there still a way to configure it? I don't know if it is supported on newer models, but how do you do it for model X-5506?
You're right that ASA doesn't support the traditional OSPF passive-interface command. However, you can achieve the same result by preventing OSPF Hello packets on the desired interface. The simplest way is to use an access-list to block OSPF multicast traffic (224.0.0.5/224.0.0.6) on that interface, while still advertising the network in OSPF using the network command. This effectively stops neighbor formation without affecting the route advertisement.
If this post was helpful, please click Helpful. If it resolved your query, select Mark as Solution from the dropdown menu in the top-right corner of this reply.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
