Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1028
Views
0
Helpful
6
Replies

Cisco ASA OSPF Administrative Distance 255

fara.rhea
Level 1
Level 1

‎12-12-2012 10:19 PM - edited ‎03-11-2019 05:36 PM

Hi ..

My ASA run OSPF dynamic routing, I want to "clean up" route table by set AD for OSPF by 255. But in route table there is still route for it although it have AD 255.

Anyone have try this ?

BR

Labels:
0 Helpful
6 Replies 6

cadet alain
VIP Alumni
VIP Alumni

‎12-13-2012 04:44 AM

Hi,

maybe shutting/no shutting the interface receiving these OSPF LSAs should  make it work.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni

‎12-13-2012 08:55 AM

Hello Fara,

Actually turning off the interface will not change anything as this is the expected behavior with the ASA.

Different from a dedicated routing device that will not install nor use a route with a AD of 255.

So you will need to use a different method to filter this routes to get installed or used by the ASA

Remember to rate all of the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to Julio Carvajal

‎12-13-2012 11:34 AM

Hi Julio,

what's the use of this command then?

Would a distribute-list have the same effect as on a router?

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to cadet alain

‎12-13-2012 12:23 PM

Hello Cadet,

It's going to alter the metric being shown an all of the updates to the other devices but from the ASA itself (locally) the route will still be implemented. So you can send LSU containing different LSAs but each of them will have the distant set to 255 and this as explained before on a router will be handled different,

The distribute-list does have the same behavior,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

fara.rhea
Level 1
Level 1
In response to Julio Carvajal

‎12-13-2012 07:56 PM

Hello guys ..

There are no "distribute-list" for OSPF in ASA 8.4 it just have "filter-list" to filter between area which can use to filter when ASA become ABR or ASBR. Because of that i try to use distance 255 .

BR

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to fara.rhea

‎12-13-2012 09:43 PM

Hello,

Yeahp... Remember that the ASA has been built in as a security box not as a routing dedicated box...

That being said the OSPF route filtering will need to be done on another box

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card