permit RIP without enabling it thru ASA 5510

Unanswered Question
Aug 25th, 2008

Is it possible to permit RIP through a 5510, using 7.2(10)2, without enabling RIP?

Marwan ALshawi Mon, 08/25/2008 - 18:38

In your case you need to run the ASA in transparent mode.

In this case the ASA will work as a layer two device, will not participate in any layer three addressing things, and you can put it between two devices in the same IP addressing subnet.

For example, if you have PC >> ASA transparent mode >> router

the PC default gateway will be the router.

So if you have

Router with RIP >> ASA transparent mode >> router with RIP

those two routers can communicate as in the same network, as if they were connected to a switch.

However, you need to permit the traffic through the ASA.

Just permit IP traffic for RIP and multicasting for RIP updates and that's it.

have a look at the following link

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

good luck

if helpful rate

Farrukh Haroon Mon, 08/25/2008 - 18:40

In transparent mode you can do this for sure. As in the 'Layer 2' mode of the firewall.

In the routed mode, you can make a GRE tunnel between the two devices and run inside it. You will then allow this GRE through the ASA.

Regards

Farrukh

ksvy_ksvy Mon, 08/25/2008 - 19:31

ok, works in transparent mode, and will need a GRE tunnel to go thru routed mode... routed mode is required for the site where the 5510 is going to

one more favor; need a white page for setting up a GRE tunnel for this purpose

thanks, kevin

Farrukh Haroon Tue, 08/26/2008 - 04:31

The link you sent is to allow L2TP or PPTP through a firewall. It has no direct relation to this discussion. If you want to permit GRE then you can use a similar ACL as the link, as PPTP also uses GRE. But other than that, this link is not what you are looking for.

Regards

Farrukh

ksvy_ksvy Tue, 08/26/2008 - 04:36

right, but it's the only reference to a GRE ACL for an ASA that I could find.

I'm not so sure a GRE tunnel for IOS routers is what would work either.

thanks, Kevin
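The two approaches discussed in this thread, sketched as ASA 7.x access lists. This is an added example, not configuration posted by any participant; it assumes RIPv2 (multicast 224.0.0.9, UDP 520), and the ACL names, the interface names `inside`/`outside` and all addresses (documentation ranges) are hypothetical.

```cisco
! --- Option 1: transparent (Layer 2) mode, RIP passes between the routers ---
! Hypothetical routers R1 (inside) = 192.0.2.1 and R2 (outside) = 192.0.2.2,
! both on the same subnet with the ASA bridging between them.
firewall transparent
!
! RIPv2 updates are multicast, and multicast is not passed through a
! transparent firewall unless an extended ACL allows it on each interface.
! Limit the source to the known neighbor instead of "any".
access-list INSIDE_IN extended permit udp host 192.0.2.1 host 224.0.0.9 eq 520
access-list OUTSIDE_IN extended permit udp host 192.0.2.2 host 224.0.0.9 eq 520
!
! An ACL applied to the inside interface replaces the default behavior of
! allowing inside-to-outside traffic, so the other permitted flows must be
! listed explicitly. Hypothetical placeholder for normal user traffic:
access-list INSIDE_IN extended permit ip 192.0.2.0 255.255.255.0 any
!
access-group INSIDE_IN in interface inside
access-group OUTSIDE_IN in interface outside
!
! --- Option 2: routed mode, RIP carried inside a GRE tunnel ---
! The tunnel is built between the two routers (not on the ASA). The ASA only
! sees IP protocol 47 between the tunnel endpoints. Hypothetical endpoints:
! inside router 198.51.100.1, outside router 203.0.113.1.
!
! GRE is not tracked as a stateful connection, so the packets arriving from
! the outside endpoint need an explicit permit on the outside interface.
access-list OUTSIDE_IN extended permit gre host 203.0.113.1 host 198.51.100.1
access-group OUTSIDE_IN in interface outside
!
! If an ACL is also applied inbound on the inside interface, it needs the
! mirror entry:
! access-list INSIDE_IN extended permit gre host 198.51.100.1 host 203.0.113.1
```

Pinning each entry to the specific neighbor or tunnel endpoint keeps the firewall from accepting routing updates or GRE from arbitrary hosts; enabling RIP authentication on the routers themselves is a separate control the ASA rules do not provide.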
