6.+Routing+on+the+ASA+ +OSPF

Uploaded by

igrowrajesh
Routing on the ASA – OSPF
KHAWAR BUTT
CCIE # 12353 [R/S, SECURITY, SP, DC, VOICE, STORAGE & CCDE]
Overview
• Configuring OSPF
• Configuration Commands
• OSPF Authentication
• Configuring OSPF Authentication
• Verification Commands
• Lab Configuration
Configuring OSPF
• All routing protocols are enabled by using the “Router” command.

• To enable OSPF, use the “Router OSPF XX” command, where “XX” is the process ID. The process ID is locally significant and does not need to match the remote router.

• OSPF routers are grouped into a logical entity known as an Area. In our examples, we are going to use a single area, Area 0.

• OSPF routers are identified by an IP-address-like identifier known as the router ID. It can be configured manually using the Router-ID command under the routing process.

Router OSPF 1
router-id 1.1.1.1
Configuration Commands
• The Network command is used to enable a routing protocol on an interface.

• Enabling the routing protocol on an interface causes the following 2 actions:
  1. It allows the router to send and receive OSPF updates on that interface.
  2. It sends/advertises this interface's network on other OSPF-enabled interfaces.

• On the routers, the OSPF network command has to be used with a wildcard mask; on the ASA it takes a regular subnet mask, as in the example below. You can enable a major network, which will enable OSPF on all interfaces within that major network, including subnets. You need to specify the area that this network or these networks belong to.

• You enable OSPF on all the directly connected interfaces.

Router ospf 1
router-id 1.1.1.1
Network 10.0.0.0 255.0.0.0 area 0
Network 192.168.4.0 255.255.255.0 area 0
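How a network statement selects interfaces, as an added example that is not part of the original slides: the helper reads the mask as a wildcard mask for a router ("ios") and as a subnet mask for the ASA ("asa"), then lists the interfaces each statement set covers. The statements and the ASA addresses come from this lab; the function names, the loopback interface names on R1 and the 172.16.9.1 address are assumptions made for illustration.

```python
import ipaddress

def statement_network(addr, mask, platform):
    """Network covered by 'network <addr> <mask> area N'.
    platform 'ios': mask is a wildcard mask; 'asa': mask is a subnet mask."""
    bits = int(ipaddress.IPv4Address(mask))
    host_bits = bits if platform == "ios" else bits ^ 0xFFFFFFFF
    if host_bits & (host_bits + 1):  # host bits must be one contiguous low-order run
        raise ValueError(f"{mask} is not a valid {platform} mask in this sketch")
    return ipaddress.ip_network(f"{addr}/{32 - host_bits.bit_length()}", strict=False)

def ospf_interfaces(statements, interfaces, platform):
    """Names of interfaces whose address falls inside any network statement."""
    nets = [statement_network(a, m, platform) for a, m in statements]
    return sorted(name for name, ip in interfaces.items()
                  if any(ipaddress.ip_address(ip) in n for n in nets))

# ASA statements and interface addresses as given in this lab (.10 on each segment).
ASA_STATEMENTS = [("192.1.20.0", "255.255.255.0"), ("10.11.11.0", "255.255.255.0"),
                  ("192.168.3.0", "255.255.255.0"), ("192.168.4.0", "255.255.255.0")]
ASA_INTERFACES = {"G0/0": "192.1.20.10", "G0/1": "10.11.11.10",
                  "G0/2": "192.168.3.10", "G0/3": "192.168.4.10"}

# R1: one major-network statement. The Lo* interface names and the
# 172.16.9.1 address are constructed for illustration.
R1_STATEMENTS = [("10.0.0.0", "0.255.255.255")]
R1_INTERFACES = {"E0/0": "10.11.11.1", "Lo1": "10.1.1.1", "Lo10": "10.10.10.1",
                 "Lo20": "10.20.20.1", "Lo99": "172.16.9.1"}

if __name__ == "__main__":
    print(ospf_interfaces(ASA_STATEMENTS, ASA_INTERFACES, "asa"))
    print(ospf_interfaces(R1_STATEMENTS, R1_INTERFACES, "ios"))
```

The single major-network statement on R1 picks up every 10.x interface and leaves the constructed 172.16.9.1 interface out of OSPF.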
OSPF Authentication
• Authentication allows you to validate that the updates are being sent from a trusted source.

• OSPF authentication can be done by using Clear Text Authentication or MD5.

• Clear Text authentication sends the password along with the update. The password can be seen if someone runs a sniffer on the network.

• MD5 hashes the password. It is the preferred mechanism for authentication. The password is not sent in the clear.
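What the two modes put on the wire, as an added example that is not part of the original slides: it builds an OSPFv2 header in the RFC 2328 layout with simple authentication (AuType 1) and with cryptographic authentication (AuType 2), and verifies the MD5 digest the way a receiving neighbor would. The packet body is a constructed placeholder, the header checksum is left at 0 in both cases as a simplification, and the function names are assumptions.

```python
import hashlib
import hmac
import struct

ROUTER_ID = bytes([10, 10, 10, 10])   # ASA router-id from the lab
AREA0 = bytes(4)                      # Area 0
BODY = b"\x00" * 20                   # constructed stand-in for a Hello body

def header(length, autype, auth_field):
    # version 2, type 1 (Hello), packet length, router ID, area ID,
    # checksum (left 0 in this sketch), AuType, 8-byte authentication field
    return struct.pack("!BBH4s4sHH8s", 2, 1, length, ROUTER_ID, AREA0, 0,
                       autype, auth_field)

def build_simple(password: bytes) -> bytes:
    # AuType 1: the key itself, padded to 8 bytes, travels in every header
    return header(24 + len(BODY), 1, password.ljust(8, b"\x00")) + BODY

def build_md5(key: bytes, key_id: int, seq: int) -> bytes:
    # AuType 2: the header carries key ID, digest length and a sequence number
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = header(24 + len(BODY), 2, auth) + BODY
    digest = hashlib.md5(pkt + key.ljust(16, b"\x00")).digest()
    return pkt + digest               # the digest is appended, the key is not

def verify_md5(wire: bytes, key: bytes) -> bool:
    # Receiver side: recompute the digest over the packet plus the local key
    length = struct.unpack("!H", wire[2:4])[0]
    pkt, digest = wire[:length], wire[length:length + 16]
    expected = hashlib.md5(pkt + key.ljust(16, b"\x00")).digest()
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    print(b"cisco123" in build_simple(b"cisco123"))   # key visible in the header
    wire = build_md5(b"cisco555", key_id=1, seq=1)
    print(b"cisco555" in wire, verify_md5(wire, b"cisco555"))
```

A neighbor configured with a different key, or a packet altered in transit, fails `verify_md5`, which is the "trusted source" check described above.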
Configuring OSPF Authentication
• Both the authentication mode and the key are configured directly under the interface, on a router as well.

• You do have the ability to specify the authentication mode under the routing process, but the key needs to be specified under the interface.

• This is applicable for both the routers and the firewall.
Configuring OSPF Authentication
• Clear Text Authentication on the Routers
Interface E 0/0
ip ospf authentication
ip ospf authentication-key cisco123

• Clear Text Authentication on the ASA
Interface E 0/0
ospf authentication
ospf authentication-key cisco123
Or
Router ospf 1
area 0 authentication
Interface E 0/0
ospf authentication-key cisco123
Configuring OSPF Authentication
• MD5 Authentication on the Routers
Interface E 0/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco123
Or
Router ospf 1
area 0 authentication message-digest
Interface E 0/0
ip ospf message-digest-key 1 md5 cisco123

• MD5 Authentication on the ASA
Interface E 0/0
ospf authentication message-digest
ospf message-digest-key 1 md5 cisco123
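A configuration check for the forms shown above, as an added example that is not part of the original slides: it reads a router or ASA configuration, treats `ip ospf ...` and `ospf ...` alike, applies an area-level mode where the interface sets none, and lists interfaces that are not using MD5. It assumes a single OSPF area as in this deck; the function names and the sample configurations are constructed from the commands on these slides.

```python
import re

def audit_ospf_auth(config):
    """Return {interface: (mode, has_key)}; mode is 'md5', 'cleartext' or 'none'."""
    area_mode, current, found = None, None, {}
    for raw in config.splitlines():
        line = re.sub(r"^ip\s+", "", raw.strip().lower())  # IOS 'ip ospf' -> 'ospf'
        m = re.match(r"interface\s+(.+)", line)
        if m:
            current = m.group(1)
            continue
        if line.startswith("router "):
            current = None
            continue
        m = re.match(r"area \S+ authentication( message-digest)?$", line)
        if m:
            area_mode = "md5" if m.group(1) else "cleartext"
        if current is None or not line.startswith("ospf "):
            continue
        entry = found.setdefault(current, {"mode": None, "key": False})
        if line == "ospf authentication message-digest":
            entry["mode"] = "md5"
        elif line == "ospf authentication":
            entry["mode"] = "cleartext"
        elif re.match(r"ospf (authentication-key|message-digest-key) ", line):
            entry["key"] = True
    # the interface-level mode wins; otherwise the area-level mode applies
    return {n: (e["mode"] or area_mode or "none", e["key"]) for n, e in found.items()}

def not_md5(config):
    """Interfaces to review: cleartext, or a key configured with no mode at all."""
    return sorted(n for n, (mode, _) in audit_ospf_auth(config).items() if mode != "md5")

# Constructed sample inputs built from the command forms on these slides.
ASA_PER_INTERFACE = """interface Gig 0/0
 ospf authentication message-digest
 ospf message-digest-key 1 md5 cisco555
interface Gig 0/2
 ospf authentication
 ospf authentication-key cisco123"""
ROUTER_AREA_LEVEL = """router ospf 1
 area 0 authentication message-digest
interface E 0/0
 ip ospf message-digest-key 1 md5 cisco123"""
KEY_WITHOUT_MODE = """interface E 0/1
 ip ospf authentication-key cisco123"""

if __name__ == "__main__":
    for cfg in (ASA_PER_INTERFACE, ROUTER_AREA_LEVEL, KEY_WITHOUT_MODE):
        print(audit_ospf_auth(cfg), not_md5(cfg))
```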
Verification Commands
• Show run router - Displays the running config for a routing protocol.
• Show Route - Displays the routing table.
• Ping - Verifies connectivity.
Lab Configuration
[Topology diagram]
• ASA FW: G0/0 (.10) Outside 192.1.20.0/24; G0/1 (.10) Inside 10.11.11.0/24; G0/2 (.10) DMZ-3 192.168.3.0/24; G0/3 (.10) DMZ-4 192.168.4.0/24
• R2: E0/0 (.2) on Outside; networks 10.2.2.0/24, 199.1.1.0/24, 200.1.1.0/24
• R3: E0/0 (.3) on DMZ-3; network 10.3.3.0/24
• R4: E0/0 (.4) on DMZ-4; network 10.4.4.0/24
• R1: E0/0 (.1) on Inside; E0/1 (.1); networks 10.1.1.0/24, 10.10.10.0/24, 10.20.20.0/24
Lab Configuration
• This lab builds on the previous lab (EIGRP).

• Clear all routing configuration by using the “Clear configure router” command. Also, use the “No router eigrp 100” command on the routers to disable EIGRP.

• Configure OSPF in process ID 1 on all the routers.

• Make sure all 10.X.X.X networks are reachable from the ASA. Use Area 0 for all networks.

• Configure Clear Text Authentication using a key ID of 1 and key string of cisco123 between the ASA and R3.

• Configure MD5 Authentication using a key ID of 1 and key string of cisco555 between the ASA and R2.
Lab Configuration
ASA

Clear Configure router
!
Router ospf 1
router-id 10.10.10.10
network 192.1.20.0 255.255.255.0 area 0
network 10.11.11.0 255.255.255.0 area 0
network 192.168.3.0 255.255.255.0 area 0
network 192.168.4.0 255.255.255.0 area 0
!
Interface Gig 0/0
ospf authentication message-digest
ospf message-digest-key 1 md5 cisco555
!
Interface Gig 0/2
ospf authentication
ospf authentication-key cisco123
Lab Configuration
R1

No Router eigrp 100

Router ospf 1
router-id 1.1.1.1
network 10.0.0.0 0.255.255.255 area 0

R2

No Router eigrp 100

Router ospf 1
router-id 2.2.2.2
network 10.2.2.0 0.0.0.255 area 0
network 192.1.20.0 0.0.0.255 area 0
!
Interface E0/0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco555
Lab Configuration
R3

No Router eigrp 100

Router ospf 1
router-id 3.3.3.3
network 10.3.3.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
!
Interface E0/0
ip ospf authentication
ip ospf authentication-key cisco123

R4

No Router eigrp 100

Router ospf 1
router-id 4.4.4.4
network 10.4.4.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 0
Lab Configuration
• Ping 10.2.2.2 to verify the connectivity.

• Ping 10.1.1.1, 10.10.10.1 & 10.20.20.1 behind R1.

• Ping 10.3.3.3 behind R3.

• Ping 10.4.4.4 behind R4.
Whiteboard
