Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
708
Views
22
Helpful
10
Replies

permit RIP without enabling it thru ASA 5510

ksvy_ksvy
Level 1
Level 1

‎08-25-2008 05:45 PM - edited ‎03-11-2019 06:35 AM

is it possible to permit RIP through a 5510, using 7.2(10)2, without enabling RIP?

Labels:
0 Helpful
10 Replies 10

Marwan ALshawi
VIP Alumni
VIP Alumni

‎08-25-2008 06:38 PM

in ur case u need to run the ASA in transparant mode

in this case the ASA will work as a layer two device will not participat in any layer three addressing things and u can put it between two devices in the same ip addressing subnet

for example if u have PC >> ASA transparant mode>> router

the PC default gateway will be thw router

so if u have

Router with rip >>ASA transparnt mode>>> router with rip

those two routers can comunicate as in the same network as they connected to aswitch

however u need to permit the traffic through the ASA

just permit ip traffic for rip and multicasting for rip updates and thats it

have a look at the following link

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

good luck

if helpful rate

Farrukh Haroon
VIP Alumni
VIP Alumni

‎08-25-2008 06:40 PM

In transparent mode you can do this for sure. As in the 'Layer 2' mode of the firewall.

In the routed mode, you can make a GRE tunnel between the two devices and run inside it. You will then allow this GRE through the ASA.

Regards

Farrukh

Marwan ALshawi
VIP Alumni
VIP Alumni
In response to Farrukh Haroon

‎08-25-2008 06:42 PM

hi Farrukh

it sounds we overlaped here :)

anyway this is 3 point for the GRE

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to Marwan ALshawi

‎08-25-2008 06:55 PM

Lolz OK. I think you posted while I was typing mine :)

Regards

Farrukh

0 Helpful

ksvy_ksvy
Level 1
Level 1

‎08-25-2008 07:31 PM

ok, works in transparent mode, and will need a GRE tunnel to go thru routed mode... routed mode is required for the site where the 5510 is going to

one more favor; need a white page for setting up a GRE tunnel for this purpose

thanks, kevin

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to ksvy_ksvy

‎08-26-2008 04:12 AM

I could only find one link for GRE on the DOC-CD which is little different from your requimrent:

http://www.cisco.com/en/US/tech/tk86/tk89/technologies_configuration_example09186a008011520d.shtml

There is one with GRE OVER IPSEC:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008023ce5b.shtml

Regards

Farrukh

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to ksvy_ksvy

‎08-26-2008 04:31 AM

The link you sent is to allow L2TP or PPTP though firewall. It has no direct relation to this discussion. If you want to permit GRE then you can use a similar ACL as the link, as PPTP also uses GRE. But other than that, this link is not what you are looking for.

Regards

Farrukh

0 Helpful

ksvy_ksvy
Level 1
Level 1
In response to Farrukh Haroon

‎08-26-2008 04:36 AM

right, but it's the only reference to a GRE ACL for a ASA that I could find.

I not so sure a GRE tunnel for IOS routers is what would work either.

thanks, Kevin

0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni
In response to ksvy_ksvy

‎08-26-2008 04:43 AM

this link for router to router gre over IPSEC

if u want only gre ignore the ipsec configs

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008023ce5b.shtml

and the following one contains lots of gre config links

http://www.cisco.com/en/US/tech/tk827/tk369/tk287/tsd_technology_support_sub-protocol_home.html

good luck

if helpful Rate

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card