07-05-2016 06:33 AM
I need to add a new statement to our OSPF redistribution access list. We have a vendor that has asked us to allow an entire /24 for their servers. However, we found out that one of the IPs in that range is for one of their ftp servers. I need to have that server enter our network on a different Internet pipe. (We have two paths in).
So if I write (and this is just an example without the real public addresses):
access-list (access list name) standard permit 10.10.10.0 255.255.255.0
access-list (access list name) standard deny host 10.10.10.20
Will this stop the 10.10.10.20 from being redistributed into the OSPF that the LAN learns?
We need the 10.10.10.20 to traverse a different internet path in to our network. The traffic needs to stay synchronous.
Thanks.
07-08-2016 05:06 AM
Is the network 10.10.10.0/24 directly connected to the ASA or statically routed?
The way access-lists work, you'd have to enter the deny before the permit. But in OSPF you can't exclude single IPs because the LSA contains whole networks. So no.
The easiest way would be to statically route 10.10.10.20 on the other device to the right destination.
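An added example, not part of the original posts and not Cisco code: a simplified Python model of the two points in the reply above, first-match ACL evaluation with the entries in both orders, and a more specific /32 static route taking precedence over the /24 by longest-prefix match. The function names and the next-hop labels path-A and path-B are assumptions made for illustration.

```python
import ipaddress

def parse_ace(line):
    """Parse 'permit|deny host A' or 'permit|deny NET MASK' into (action, network)."""
    parts = line.split()
    action = parts[0]
    if parts[1] == "host":
        net = ipaddress.ip_network(parts[2] + "/32")
    else:
        net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}")
    return action, net

def first_match(acl_lines, addr):
    """Return the action of the first entry that matches addr (top-down evaluation)."""
    ip = ipaddress.ip_address(addr)
    for line in acl_lines:
        action, net = parse_ace(line)
        if ip in net:
            return action
    return "deny"  # implicit deny at the end of every access list

def longest_prefix_next_hop(routes, addr):
    """Pick the next hop of the most specific route covering addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in routes
               if ip in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Entries in the order posted in the question: the /24 permit matches first,
# so the host deny underneath it is never reached.
AS_POSTED = ["permit 10.10.10.0 255.255.255.0", "deny host 10.10.10.20"]
# Order suggested in the reply: deny first, then the permit.
REORDERED = ["deny host 10.10.10.20", "permit 10.10.10.0 255.255.255.0"]

# Constructed routing table: the /24 via one path, a /32 static via the other
# (path-A and path-B are hypothetical labels).
ROUTES = [("10.10.10.0/24", "path-A"), ("10.10.10.20/32", "path-B")]

if __name__ == "__main__":
    for name, acl in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(name, "->", first_match(acl, "10.10.10.20"))
    for host in ("10.10.10.20", "10.10.10.21"):
        print(host, "->", longest_prefix_next_hop(ROUTES, host))
```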
07-08-2016 05:36 AM
Thanks!