PIX/ASA OSPF Route Advertisement

Unanswered Question
Oct 11th, 2007
My ASA is running OS 7.1.2. Routing is handled by OSPF and static routes. No default or 0.0.0.0 route is defined or learned. I want to add a default route but not advertise it with OSPF. How would I do this? I was thinking distribute lists, but I can't find this as an option. I then thought about using a route-map, but I am not 100% sure how or if it will work.


current config

router ospf 16
 network 192.168.198.0 255.255.255.0 area 0
 network 192.168.255.0 255.255.255.0 area 0
 network x.x.28.0 255.255.255.240 area 0
 network x.x.28.16 255.255.255.240 area 0
 network x.x.28.60 255.255.255.252 area 0
 router-id 192.168.255.12
 log-adj-changes
 redistribute static subnets


I am thinking about adding


access-list all_other_routes line 1 standard permit any
access-list default_route line 1 standard permit any

route-map static_redist_ospf deny 10
 match ip address default_route
!
route-map static_redist_ospf permit 20
 match ip address all_other_routes

router ospf 16
 redistribute static route-map redist_ospf


then an all zeros route


Would this work? Other ideas?


Thanks

Rick

nathancielieska Thu, 10/11/2007 - 08:33
You're on the right track. Be careful with OSPF on ASA, especially with that relatively old version of code. Some people have seen some quirky bugs relating to OSPF and ASA.


access-list allowed_statics line 1 ext permit
access-list default_route line 1 ext permit 0.0.0.0 0.0.0.0 any

route-map static_redist_ospf permit 10
 match ip address allowed_statics
route-map static_redist_ospf deny 20
 match ip address default_route


In your current proposed configuration, your route map will deny any routes from advertising (by matching 10), not only your 0.0.0.0 but all of them.


You might consider moving your static redistribution to a router downstream from your ASA, and just a 0.0.0.0 on the ASA, which you do not redistribute. Something to keep in mind.
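The first-match behaviour discussed in this thread can be checked offline with a small model. This is an added example, not code from either poster or from Cisco: it assumes a simplified route-map evaluation (lowest sequence first, first clause whose ACL permits the route decides, implicit deny at the end), reuses the ACL and route-map names from the question, and uses constructed static routes plus an assumed narrowed default_route ACL.

```python
import ipaddress

ANY = ("0.0.0.0", "0.0.0.0")                    # equivalent to "permit any"
HOST_DEFAULT = ("0.0.0.0", "255.255.255.255")   # matches only network 0.0.0.0

def acl_permits(acl, route):
    """First-match standard ACL check on the route's network address; implicit deny."""
    net = int(ipaddress.ip_network(route).network_address)
    for action, (addr, mask) in acl:
        m = int(ipaddress.ip_address(mask))
        if (net & m) == (int(ipaddress.ip_address(addr)) & m):
            return action == "permit"
    return False

def redistributed(route_map, acls, routes):
    """Routes the route-map lets through (simplified model, see lead-in)."""
    out = []
    for route in routes:
        for _seq, action, acl_name in sorted(route_map):
            if acl_permits(acls[acl_name], route):
                if action == "permit":
                    out.append(route)
                break  # first matching clause decides; no match at all = deny
    return out

# Constructed sample static routes (not from the thread).
STATICS = ["0.0.0.0/0", "10.20.0.0/16", "172.16.5.0/24"]

# As proposed in the question: both ACLs are "permit any".
ASKED_ACLS = {"default_route": [("permit", ANY)],
              "all_other_routes": [("permit", ANY)]}
ASKED_MAP = [(10, "deny", "default_route"), (20, "permit", "all_other_routes")]

# Assumed variation: default_route narrowed to the 0.0.0.0 network only.
NARROW_ACLS = {"default_route": [("permit", HOST_DEFAULT)],
               "all_other_routes": [("permit", ANY)]}

# Constructed variation: a broad permit clause placed before the deny clause.
SWAPPED_MAP = [(10, "permit", "all_other_routes"), (20, "deny", "default_route")]

if __name__ == "__main__":
    print("as proposed  :", redistributed(ASKED_MAP, ASKED_ACLS, STATICS))
    print("narrowed ACL :", redistributed(ASKED_MAP, NARROW_ACLS, STATICS))
    print("permit first :", redistributed(SWAPPED_MAP, NARROW_ACLS, STATICS))
```

In this model the proposed configuration redistributes nothing, the narrowed ACL withholds only the default route, and a catch-all permit clause ahead of the deny clause lets the default route through.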