10-05-2009 07:56 AM - edited 03-11-2019 09:22 AM
Can you configure OSPF on the FWSM? VLAN 199 & 200 are configured behind the FWSM and I want them to be routed as part of OSPF 99.
Please advise.
### 6500 ###
interface Vlan100
description "MGMT"
ip address 10.26.20.1 255.255.255.0
interface Vlan199
description "Voice"
ip address 10.27.0.2 255.255.254.0
interface Vlan200
description "DATA"
ip address 10.27.2.2 255.255.255.0
router ospf 99
router-id 10.26.28.4
log-adjacency-changes
area 0 authentication message-digest
redistribute connected subnets
network 10.26.0.16 0.0.0.3 area 0
network 10.26.0.20 0.0.0.3 area 0
### 6500 + FWSM ###
### 6500 ###
no aaa new-model
firewall module 4 vlan-group 1
firewall vlan-group 1 100,199,200
interface Vlan100
description "MGMT"
ip address 10.26.20.1 255.255.255.0
router ospf 99
router-id 10.26.28.4
log-adjacency-changes
area 0 authentication message-digest
redistribute connected subnets
network 10.26.0.16 0.0.0.3 area 0
network 10.26.0.20 0.0.0.3 area 0
### FWSM ###
interface Vlan100
nameif OUTSIDE
security-level 0
ip address 10.26.20.250 255.255.255.0
!
interface Vlan199
nameif CM-VOICE
security-level 100
ip address 10.27.0.1 255.255.254.0
!
interface Vlan200
nameif CM-SERVERS
security-level 100
ip address 10.27.2.1 255.255.255.0
route OUTSIDE 0.0.0.0 0.0.0.0 10.26.20.1 1
regards,
C
10-05-2009 08:48 AM
In single context mode, the routed firewall supports OSPF and RIP (in passive mode).
Multiple context mode supports static routes only.
Configure the static routes and redistribute them into OSPF.
Hope this will help you.
Regards,
Dinesh
10-05-2009 10:06 AM
Colm
Is it safe to assume that the section marked "### 6500 ###" is the config prior to migrating to the FWSM?
If so, yes, you can run OSPF on the FWSM as long as you are running in single context mode.
However, I'm a little confused by this config on the 6500:
interface Vlan100
description "MGMT"
ip address 10.26.20.1 255.255.255.0
router ospf 99
network 10.26.0.20 0.0.0.3 area 0
Is the network statement under ospf 99 meant to match the network of VLAN 100? Because it doesn't at the moment. Anyway, your config would look something like:
6500
====
router ospf 99
network 10.26.20.0 0.0.0.255 area 0 <-- assuming this is indeed in area 0
FWSM -
router ospf 99
network 10.26.20.0 255.255.255.0 area 0
network 10.27.0.0 255.255.254.0 area 0
network 10.27.2.0 255.255.255.0 area 0
You may also want to set the OSPF priority of the FWSM interfaces to 0 to ensure that they are not elected as the BDR/DR on the Ethernet segment.
Additional OSPF config options can be found here -
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ip.html#wp1094564
Jon
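The mismatch raised in the reply above (a network statement that does not match the VLAN 100 address) can be checked mechanically; this is an added example, not part of the original thread. It parses trimmed, constructed copies of the configs and reports which interfaces an OSPF network statement actually matches. The name `ospf_coverage` and the FWSM network lines are assumptions of the example; the FWSM `network` command takes a subnet mask, while IOS takes a wildcard mask.

```python
import ipaddress

# Constructed sample: 6500 lines quoted in the thread (IOS syntax, wildcard masks).
IOS_6500 = """\
interface Vlan100
 ip address 10.26.20.1 255.255.255.0
router ospf 99
 network 10.26.0.16 0.0.0.3 area 0
 network 10.26.0.20 0.0.0.3 area 0
"""

# Constructed sample: FWSM interfaces from the thread, with network
# statements written as subnet masks (assumed for this example).
FWSM = """\
interface Vlan100
 ip address 10.26.20.250 255.255.255.0
interface Vlan199
 ip address 10.27.0.1 255.255.254.0
interface Vlan200
 ip address 10.27.2.1 255.255.255.0
router ospf 99
 network 10.26.20.0 255.255.255.0 area 0
 network 10.27.0.0 255.255.254.0 area 0
 network 10.27.2.0 255.255.255.0 area 0
"""

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def ospf_coverage(config, wildcard):
    """Map each interface to the area of the first network statement that
    matches its address, or None if OSPF is not enabled on it."""
    ifaces, nets, current = {}, [], None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            current = words[1]
        elif words[:2] == ["ip", "address"] and current:
            ifaces[current] = _int(words[2])
        elif words[:1] == ["network"] and words[3:4] == ["area"]:
            mask = _int(words[2])
            # IOS gives the "don't care" bits; FWSM gives the subnet mask.
            care = (~mask & 0xFFFFFFFF) if wildcard else mask
            nets.append((_int(words[1]) & care, care, words[4]))
    return {name: next((area for base, care, area in nets
                        if addr & care == base), None)
            for name, addr in ifaces.items()}
```

An interface that maps to `None` never sends hellos, so no adjacency can form on that segment even though `redistribute connected subnets` still advertises its prefix.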