PIX/ASA OSPF Route Advertisement

rmeans
Level 3

My ASA is running OS 7.1.2. Routing is handled by OSPF and static routes. No default or 0.0.0.0 route is defined or learned. I want to add a default route but not advertise it with OSPF. How would I do this? I was thinking of distribute lists, but I can't find this as an option. I then thought about using a route-map, but I am not 100% sure how or if it will work.

Current config:

    router ospf 16
     network 192.168.198.0 255.255.255.0 area 0
     network 192.168.255.0 255.255.255.0 area 0
     network x.x.28.0 255.255.255.240 area 0
     network x.x.28.16 255.255.255.240 area 0
     network x.x.28.60 255.255.255.252 area 0
     router-id 192.168.255.12
     log-adj-changes
     redistribute static subnets

I am thinking about adding:

    access-list all_other_routes line 1 standard permit any
    access-list default_route line 1 standard permit any
    route-map static_redist_ospf deny 10
     match ip address default_route
    !
    route-map static_redist_ospf permit 20
     match ip address all_other_routes
    router ospf 16
     redistribute static route-map redist_ospf

then an all zeros route

Would this work? Other ideas?

Thanks

Rick


nathancielieska
Level 1

You're on the right track. Be careful with OSPF on ASA, especially with that relatively old version of code. Some people have seen some quirky bugs relating to OSPF and ASA.

    access-list allowed_statics line 1 ext permit
    access-list default_route line 1 ext permit 0.0.0.0 0.0.0.0 any
    route-map static_redist_ospf permit 10
     match ip address allowed_statics
    route-map static_redist_ospf deny 20
     match ip address default_route

In your current proposed configuration, your route map will deny any routes from advertising (by matching 10), not only your 0.0.0.0 but all of 'em.

You might consider moving your static redistribution to a router downstream from your ASA, and just a 0.0.0.0 on the ASA, which you do not redistribute. Something to keep in mind.
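Why sequence 10 of the proposed route-map swallows every static route, shown as an added Python model that is not part of either post and is not ASA code. It assumes standard ACLs are matched against the route's network address and that route-map sequences are evaluated first-match with an implicit deny at the end; the static routes and the narrowed `default_route` entry are constructed for illustration.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def acl_permits(acl, route_addr):
    """Standard ACL: the first entry covering the route's network address decides."""
    for action, network, mask in acl:
        if (_ip(route_addr) & _ip(mask)) == (_ip(network) & _ip(mask)):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def redistribute(route_map, acls, static_routes):
    """Return the static routes that the route-map lets into OSPF."""
    advertised = []
    for route in static_routes:
        addr = route.split("/")[0]
        for _seq, action, acl_name in sorted(route_map):
            if acl_permits(acls[acl_name], addr):
                if action == "permit":
                    advertised.append(route)
                break  # first matching sequence wins; later ones are skipped
        # no sequence matched: implicit deny, route is not advertised
    return advertised

# Constructed static routes (not from the thread).
STATICS = ["0.0.0.0/0", "10.20.0.0/16", "172.16.5.0/24"]
ANY = ("permit", "0.0.0.0", "0.0.0.0")                   # models `permit any`
ONLY_DEFAULT = ("permit", "0.0.0.0", "255.255.255.255")  # models an exact match on 0.0.0.0

# Route-map as proposed in the question: deny 10 default_route, permit 20 all_other_routes.
PROPOSED_MAP = [(10, "deny", "default_route"), (20, "permit", "all_other_routes")]
PROPOSED_ACLS = {"default_route": [ANY], "all_other_routes": [ANY]}

# Same route-map, but default_route matches only the 0.0.0.0 network (assumed fix).
NARROWED_ACLS = {"default_route": [ONLY_DEFAULT], "all_other_routes": [ANY]}

if __name__ == "__main__":
    print("proposed:", redistribute(PROPOSED_MAP, PROPOSED_ACLS, STATICS))
    print("narrowed:", redistribute(PROPOSED_MAP, NARROWED_ACLS, STATICS))
```

The same model shows why ordering matters in a permit-first layout: if the ACL in the permit sequence also covers 0.0.0.0, the default route is advertised before the deny sequence is ever reached.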
