ASA Prefix-List

alkabeer80
Level 1

Hi,

R1 (Area 0 )---------- ASA -----------(Area 1) R2

3.3.3.3

4.4.4.4

I want to apply a prefix-list to OSPF process 1 on a Cisco ASA that denies advertising 3.3.3.3 and 4.4.4.4.

prefix-list abc deny 3.3.3.3/24

prefix-list abc deny 4.4.4.4/24

prefix-list abd permit 0.0.0.0/0 le 32

router ospf 1

network 1.1.1.1 255.255.255.0 area 0

network 2.2.2.2 255.255.255.0 area 1

area 0 filter-list prefix abc in

I have applied this config, but I can still see 3.3.3.3 and 4.4.4.4 in the routing table of R2.


Maykol Rojas
Cisco Employee

Hello,

What I would do is try to separate the two areas into processes and then do the filter.

I tried and it worked fine.

IE:

R1:

router ospf 1

log-adjacency-changes

network 3.3.3.3 0.0.0.0 area 0

network 4.4.4.4 0.0.0.0 area 0

network 5.5.5.5 0.0.0.0 area 0

network 10.1.1.0 0.0.0.255 area 0

ASA:

router ospf 1

network 10.1.1.0 255.255.255.0 area 0

log-adj-changes

!

router ospf 2

network 10.2.2.0 255.255.255.0 area 1

log-adj-changes

redistribute ospf 1 subnets route-map ROUTES

route-map ROUTES, permit, sequence 10

  Match clauses:

    ip address (access-lists): 1

  Set clauses:

access-list 1 line 1 standard deny host 3.3.3.3 (hitcnt=4) 0xcb00e56e

access-list 1 line 2 standard deny host 4.4.4.4 (hitcnt=4) 0x57182e7b

access-list 1 line 3 standard permit any (hitcnt=3) 0x9f9fa842

R2

router ospf 1

log-adjacency-changes

no auto-cost

network 10.2.2.0 0.0.0.255 area 1

Routing Table:

     5.0.0.0/32 is subnetted, 1 subnets

O E2    5.5.5.5 [110/11] via 10.2.2.2, 00:00:40, FastEthernet0/0

     10.0.0.0/24 is subnetted, 2 subnets

C       10.2.2.0 is directly connected, FastEthernet0/0

O E2    10.1.1.0 [110/10] via 10.2.2.2, 00:00:40, FastEthernet0/0

Let me know if that makes sense.

Mike


Hi Mike,

I am asked to do it with a prefix-list, not a route map.

Is it possible to achieve it?

The way you are doing it, no. That would only prevent it from appearing on the ASA. Nothing to do with redistribute.

Mike


Sandeep Ramakrishnan
Cisco Employee

Try the following:

 

prefix-list PLIST_A1_IN deny 3.3.3.3/32

prefix-list PLIST_A1_IN deny 4.4.4.4/32

prefix-list PLIST_A1_IN permit 0.0.0.0/0 le 32

 

router ospf 1

area 1 filter-list prefix PLIST_A1_IN in

 

*Note: The above feature applies to inter-area LSAs (type 3) only. If the 3.3.3.3 & 4.4.4.4 prefixes are advertised using different LSAs, filter-lists will not do anything.

 

- sandeep
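
Added example (not posted by anyone in this thread, and not ASA code): a small Python model of the usual Cisco prefix-list matching rules (first match wins, exact prefix length unless ge/le is given, implicit deny at the end), run over the list from the question and the list suggested above. It assumes the loopbacks are advertised as /32 host routes, as in the lab routing table earlier in the thread, and it does not model which area or direction the filter-list is applied to.

```python
import ipaddress

def parse_entry(line):
    """Parse 'prefix-list NAME permit|deny A.B.C.D/LEN [ge N] [le N]'."""
    tok = line.split()
    # strict=False masks host bits, so 3.3.3.3/24 is treated as 3.3.3.0/24
    net = ipaddress.ip_network(tok[3], strict=False)
    opts = dict(zip(tok[4::2], map(int, tok[5::2])))
    ge, le = opts.get("ge"), opts.get("le")
    if ge is None and le is None:
        lo = hi = net.prefixlen              # no ge/le: exact length only
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else 32
    return tok[1], tok[2], net, lo, hi

def evaluate(config, list_name, route):
    """Return (action, matching line); first match wins, else implicit deny."""
    r = ipaddress.ip_network(route)
    for line in config:
        name, action, net, lo, hi = parse_entry(line)
        if name != list_name:
            continue                         # entry belongs to another list
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action, line
    return "deny", "implicit deny"

POSTED = [                                   # list from the question, as typed
    "prefix-list abc deny 3.3.3.3/24",
    "prefix-list abc deny 4.4.4.4/24",
    "prefix-list abd permit 0.0.0.0/0 le 32",
]
SUGGESTED = [                                # list from the reply above
    "prefix-list PLIST_A1_IN deny 3.3.3.3/32",
    "prefix-list PLIST_A1_IN deny 4.4.4.4/32",
    "prefix-list PLIST_A1_IN permit 0.0.0.0/0 le 32",
]
# Constructed sample routes (assumed /32 loopbacks plus the transit subnet)
ROUTES = ["3.3.3.3/32", "4.4.4.4/32", "5.5.5.5/32", "10.1.1.0/24"]

if __name__ == "__main__":
    for cfg, name in ((POSTED, "abc"), (SUGGESTED, "PLIST_A1_IN")):
        for route in ROUTES:
            action, why = evaluate(cfg, name, route)
            print(f"{name:12} {route:14} {action:6} <- {why}")
```

In this model the /24 entries of list abc never match a /32 route, and because the permit line was typed under the name abd, every route evaluated against abc ends at the implicit deny.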

Hi,

Try the following:

area 0 range 3.3.3.3 255.255.255.255 not-advertise
