
ASA default route ACL and default route redistributing/default-info config

kwanm63my
Level 1

I'm trying to release a default route learned via OSPF into EIGRP in an ASA running version 8.2.2. My config is:

router eigrp 1
redist ospf 1 metric 10000 100 100 100 1500 route-map STATIC

access-list DEFAULT permit 0.0.0.0 0.0.0.0

route-map STATIC permit 10
match ip address DEFAULT

However, my upstream EIGRP neighbor peering with the ASA seems to see all my other routes besides the default route. I can filter it out by putting deny lines ahead of the permit 0.0.0.0, of course, but I'm wondering: am I writing the ACL correctly?

On a side note, if I try to use this config instead, I don't see the default route on my upstream EIGRP neighbor at all.

router eigrp 1

default-information out DEFAULT

access-list DEFAULT permit 0.0.0.0 0.0.0.0

route-map STATIC permit 10
match ip address DEFAULT

Thanks

7 Replies

Maykol Rojas
Cisco Employee

Hello,

I am looking into this at this point. Normally what you would do is redistribute the whole protocol and filter. The ACL is not wrong; it is created as a standard ACL, and what it is telling the ASA is not to redistribute only the default route, but you are telling it to redistribute everything.

Let me get back to you.

Mike

Sounds like 2 things?

1) You have to redistribute the 'ENTIRE' protocol in an ASA...

2) That's not how you write a 'default route' only ACL, unlike a router ACL...

Hello,

Thanks for replying. I don't understand your last post. If you use the ACL you mention in the first post, it is going to redistribute all routes.

If you can be more specific on what you tried to say it would be great.

Thanks

Mike

Sorry Mike, let me just ask this for now. I'm really more of a routing/switching guy, so I'm usually thinking from that perspective.

Is there a way to write a default-route-only ACL in an ASA? In a router you can just do an ACL or prefix-list to advertise a default route as follows:

ip prefix-list DEFAULT-ONLY seq 10 permit 0.0.0.0/0

router eigrp 1

distribute-list prefix DEFAULT-ONLY out FastEthernet0/0

or

ip access-list standard DEFAULT
permit 0.0.0.0

router eigrp 1

distribute-list DEFAULT  out fa0/0

So I was following the same logic: if I can write a default-route-only ACL, then when I redistribute the protocol, by using the ACL I will redistribute the default route only...

Hope I'm more clear.

Hello

Great! Thanks a lot for the clarification, you are totally right... I tried your setup really quickly and the ASA grabbed that statement for 0.0.0.0 0.0.0.0 as everything instead of the default route :S

I guess as a workaround you can create the default route on the ASA that will be doing the redistribution and, if that is the only route, do the redistribute static. Or the other option would be to just redistribute everything and filter on the receiving end.

Hope it helps.

Cheers

Mike

Unfortunately, I'm learning that default route via OSPF, so it will have to be a redistribute option. Luckily, it's only 2 routes, so filtering is an option. However, if I had more routes, I can imagine how annoying it can be. But believe it or not, I have another site in which my ASA has a static default route, and even with just a "redistribute static metric x x x x x route-map DEFAULT" configuration into EIGRP, it STILL redistributes ALL routes.

The route-map DEFAULT references an ACL which again is "access-list DEFAULT standard permit any".

I think it's just an ASA thing....

Exactly,

Remember that the ASA will take all 0's as everything; it will not try to take the default route that it learned, it will redistribute everything. I tried with several versions and the same thing happened.

I guess filters will be the way to go.

Anything else just let me know.

Thanks!

Mike
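The matching difference this thread runs into, as an added example that is not part of any post: a small Python model comparing the three filter styles mentioned above against one routing table, with an audit helper that lists routes leaking past a filter meant to pass only the default route. The function names and the sample routes are constructed for illustration, and the netmask-style model of the ASA entry is an assumption based on the behaviour reported in the thread ("0.0.0.0 0.0.0.0" treated as "any"); this is not ASA or IOS code.

```python
import ipaddress

# Constructed sample routing table (not taken from the thread).
ROUTES = ["0.0.0.0/0", "10.1.0.0/16", "192.168.50.0/24", "172.16.8.0/22"]


def _ip(text):
    return int(ipaddress.ip_address(text))


def acl_netmask_match(route, addr, netmask):
    """Assumed ASA-style entry 'permit <addr> <netmask>': the route's network
    address is compared to addr under the netmask; prefix length is ignored."""
    net = int(ipaddress.ip_network(route).network_address)
    return net & _ip(netmask) == _ip(addr) & _ip(netmask)


def acl_wildcard_match(route, addr, wildcard="0.0.0.0"):
    """Router standard ACL entry 'permit <addr> [wildcard]': wildcard bits are
    'don't care', so an omitted wildcard means an exact host match."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    net = int(ipaddress.ip_network(route).network_address)
    return net & care == _ip(addr) & care


def prefix_list_match(route, prefix):
    """Prefix-list entry without ge/le: network and length must both match."""
    return ipaddress.ip_network(route) == ipaddress.ip_network(prefix)


def leaked(match):
    """Routes other than the default route that a filter lets through."""
    return [r for r in ROUTES if match(r) and r != "0.0.0.0/0"]


FILTERS = {
    "ASA: permit 0.0.0.0 0.0.0.0":
        lambda r: acl_netmask_match(r, "0.0.0.0", "0.0.0.0"),
    "router ACL: permit 0.0.0.0":
        lambda r: acl_wildcard_match(r, "0.0.0.0"),
    "prefix-list: permit 0.0.0.0/0":
        lambda r: prefix_list_match(r, "0.0.0.0/0"),
}

if __name__ == "__main__":
    for name, match in FILTERS.items():
        print(f"{name:32} leaks: {leaked(match) or 'nothing'}")
```
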