6. Routing on the ASA - OSPF
OSPF
KHAWAR BUTT
CCIE # 12353 [R/S, SECURITY, SP, DC, VOICE, STORAGE & CCDE]
Overview
Configuring OSPF
Configuration Commands
OSPF Authentication
To enable OSPF, use the “Router OSPF XX” command, where “XX” is the
process ID. The process ID is locally significant and
does not need to match the remote router.
OSPF routers are grouped into a logical entity known as an Area. In our examples, we are
going to use a single area, Area 0.
OSPF routers are identified by an IP-address-like identifier known as the router ID. It
can be configured manually using the Router-ID command under the routing process.
Router OSPF 1
router-id 1.1.1.1
Configuration Commands
The Network command enables a routing protocol on an interface.
Enabling the routing protocol on an interface has the following 2 effects:
• 1. It allows the router to send and receive OSPF updates on that interface.
• 2. It advertises this interface's network on the other OSPF-enabled interfaces.
In OSPF, the network command has to be used with a wildcard mask. You can enable a major network, which
will enable OSPF on all interfaces within that major network, including its subnets. You need to specify the area that
this network or these networks belong to.
Router ospf 1
router-id 1.1.1.1
Network 10.0.0.0 255.0.0.0 area 0
Network 192.168.4.0 255.255.255.0 area 0
OSPF Authentication
Authentication allows you to validate that updates are being sent from a
trusted source.
OSPF authentication can be done by using Clear Text Authentication or
MD5.
Clear Text authentication sends the password along with the Update. The
password can be seen if someone runs a sniffer on the network.
You do have the ability to specify the authentication mode under the
Routing process but the key needs to be specified under the interface.
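To make the sniffing point above concrete, this added example (not part of the original slides) decodes the authentication fields of an OSPFv2 header as laid out in RFC 2328 and checks an MD5 trailer. The packets are constructed samples that use the lab's key strings, and the function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import struct

HEADER = struct.Struct("!BBH4s4sHH8s")  # OSPFv2 header, RFC 2328 A.3.1 (24 bytes)
AUTYPE = {0: "null", 1: "simple-password", 2: "cryptographic"}

def md5_digest(ospf_packet: bytes, key: bytes) -> bytes:
    """RFC 2328 D.4.3: MD5 over the packet followed by the key padded to 16 bytes."""
    return hashlib.md5(ospf_packet + key.ljust(16, b"\x00")).digest()

def build_header(autype: int, auth: bytes) -> bytes:
    """Constructed sample: a bare Hello (type 1) header from router 1.1.1.1, area 0."""
    rid = ipaddress.IPv4Address("1.1.1.1").packed
    return HEADER.pack(2, 1, HEADER.size, rid, bytes(4), 0, autype, auth)

def parse_ospf_auth(frame: bytes, key: bytes = b"") -> dict:
    """Report what the authentication fields of an OSPFv2 packet (IP payload) expose."""
    if len(frame) < HEADER.size:
        raise ValueError("truncated OSPF header")
    version, _type, length, rid, _area, _cksum, autype, auth = HEADER.unpack_from(frame)
    if version != 2:
        raise ValueError("not an OSPFv2 packet")
    info = {"router_id": str(ipaddress.IPv4Address(rid)),
            "auth": AUTYPE.get(autype, f"unknown({autype})")}
    if autype == 1:
        # Simple password: the key itself fills the 8-byte field, NUL padded.
        info["password_on_wire"] = auth.rstrip(b"\x00").decode("ascii", "replace")
    elif autype == 2:
        # Cryptographic: the field carries key ID, digest length and sequence number;
        # the digest trails the packet and the key never appears on the wire.
        _zero, key_id, dlen, seq = struct.unpack("!HBBI", auth)
        digest = frame[length:length + dlen]
        valid = hmac.compare_digest(digest, md5_digest(frame[:length], key))
        info.update(key_id=key_id, sequence=seq, digest_valid=valid)
    return info

# Constructed samples using the lab's key strings and key ID 1.
CLEAR = build_header(1, b"cisco123")
_md5_hdr = build_header(2, struct.pack("!HBBI", 0, 1, 16, 42))
MD5 = _md5_hdr + md5_digest(_md5_hdr, b"cisco555")

if __name__ == "__main__":
    print(parse_ospf_auth(CLEAR))
    print(parse_ospf_auth(MD5, key=b"cisco555"))
```
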
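[Figure: lab topology. The ASA FW connects to the Outside network 192.1.20.0/24 on G0/0 (.10), with a router on E0/0 (.2); to DMZ-4 192.168.4.0/24 on G0/3 (.10), with R4 on E0/0 (.4); to DMZ-3 192.168.3.0/24 on G0/2 (.10), with R3 on E0/0 (.3); and to the Inside network 10.11.11.0/24, with R1 on E0/0 (.1). Also shown: E0/1 (.1) and the networks 10.1.1.0/24, 10.20.20.0/24 and 10.10.10.0/24.]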
Lab Configuration
This lab builds on the previous lab (EIGRP).
Clear all routing configuration by using the “Clear configure router” command. Also, use the
“No router eigrp 100” command on the routers to disable EIGRP.
Configure OSPF in process ID 1 on all the routers.
Make sure all 10.X.X.X networks are reachable from the ASA. Use Area 0 for all networks.
Configure Clear Text Authentication using a key ID of 1 and Key string of cisco123 between the
ASA and R3.
Configure MD5 Authentication using a key ID of 1 and Key string of cisco555 between ASA and
R2.
Lab Configuration
ASA