Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
630
Views
0
Helpful
1
Replies

OSPF Inbound Filtering on ASA

udj
Level 1
Level 1

‎08-08-2008 11:19 AM - edited ‎03-11-2019 06:28 AM

Hi,

I have a redundant ASA setup using 2 OSPF processors, one for the external core network and one for the internal core network.

Normally I have public IP's from the external OSPF being inserted into the routing table on the ASA, and private IP's comming from the internal OSPF. I'm not redistributing routes between the OSPF's.

Until now there has been no need for filtering what goes into the routing table from each OSPF.

Now there is a need though, as I have routes in the internal OSPF which conflict with routes injected from the external OSPF, so I need to filter out the conflicting routes on the ASA firewall to keep it from inserting them into the routing table.

The Cisco IOS seem to have this feature:

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/routmap.html

The ASA 7.2 seem to have this feature, if using RIP!! (distribute-list in)

Is there any way of doing this when I'm using OSPF.

The conflicting routes are needed in the internal OSPF by other network equipment to pinout traffic destined for a specific network and send it to an alternative gateway handling the outbound traffic to the network.

I Hope someone has the time to point me in the right direction :) Thanks in advance .. any help will be appreciated :)

Regards..

Ulrik Jensen

Hostnordic A/S

Labels:
0 Helpful
1 Reply 1

udj
Level 1
Level 1

‎08-08-2008 01:02 PM

Would it be possible use the area filter-list prefix-list command .. it doesn't seem to prevent the route from entering the routing table.. I might be missing something here?

Q: If I split the internal core network into 2 OSPF areas would it then be possible to keep routes from one area entering the other. I might be out on a limp here.

The unwanted route shows in the routing table as:

O E2 81.95.240.0 255.255.240.0 [110/20] via 192.168.2.2, 0:00:15, inside1

This is sofisticated Cisco equipment, it should be possible to keep unwanted routes from getting into the routing table ;-)

/Ulrik

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card