OSPF Inbound Filtering on ASA

Unanswered Question


I have a redundant ASA setup using 2 OSPF processors, one for the external core network and one for the internal core network.

Normally I have public IPs from the external OSPF being inserted into the routing table on the ASA, and private IPs coming from the internal OSPF. I'm not redistributing routes between the OSPFs.

Until now there has been no need for filtering what goes into the routing table from each OSPF.

Now there is a need though, as I have routes in the internal OSPF which conflict with routes injected from the external OSPF, so I need to filter out the conflicting routes on the ASA firewall to keep it from inserting them into the routing table.

The Cisco IOS seems to have this feature:


The ASA 7.2 seems to have this feature, if using RIP!! (distribute-list in)

Is there any way of doing this when I'm using OSPF?

The conflicting routes are needed in the internal OSPF by other network equipment to pinout traffic destined for a specific network and send it to an alternative gateway handling the outbound traffic to the network.

I hope someone has the time to point me in the right direction :) Thanks in advance .. any help will be appreciated :)


Ulrik Jensen

Hostnordic A/S


Would it be possible to use the area filter-list prefix-list command .. it doesn't seem to prevent the route from entering the routing table.. I might be missing something here?

Q: If I split the internal core network into 2 OSPF areas, would it then be possible to keep routes from one area entering the other? I might be out on a limb here.

The unwanted route shows in the routing table as:

O E2 [110/20] via, 0:00:15, inside1

This is sophisticated Cisco equipment, it should be possible to keep unwanted routes from getting into the routing table ;-)


