07-23-2009 10:21 AM - edited 03-11-2019 08:58 AM
I have a ASA upgrade, where a 5520 ASA configured for transparent is currently supporting EIGRP with only ACLs - permit eigrp ..... source destination (host 224.0.0.10) - the replacement 5550 ASA will be configured for routed mode and a "router eigrp AS" process will be applied. Once an ASA is configured in routed mode, with an EIGRP router process enabled, how is the firewall configured to support EIGRP?
thanks, Kevin
Solved! Go to Solution.
07-23-2009 11:08 AM
Kevin
"so, even though there are numerous ACLs assigned to, let's say, both the inside and outside ASA's interface, there no longer is the need for "permit eigrp source destination" ACLs?"
Correct, because in transparent mode the EIGRP traffic was passing through the firewall whereas in routed mode with the firewall running EIGRP this is no longer the case ie. the firewall is now an EIGRP neighbor.
Jon
07-23-2009 10:29 AM
Kevin
Here is the config doc section for configuring EIGRP on the ASA -
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ip.html#wp1092871
If you are after something specific let me know.
Jon
07-23-2009 10:57 AM
Jon, great link, thanks
so, even though there are numerous ACLs assigned to, let's say, both the inside and outside ASA's interface, there no longer is the need for "permit eigrp source destination" ACLs?
thanks, Kevin
07-23-2009 11:08 AM
Kevin
"so, even though there are numerous ACLs assigned to, let's say, both the inside and outside ASA's interface, there no longer is the need for "permit eigrp source destination" ACLs?"
Correct, because in transparent mode the EIGRP traffic was passing through the firewall whereas in routed mode with the firewall running EIGRP this is no longer the case ie. the firewall is now an EIGRP neighbor.
Jon
07-23-2009 11:34 AM
Jon, simple enough, makes sense.
thanks a bunch,
kevin
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: