Problem advertising networks within EIGRP.

Unanswered Question
Jul 28th, 2009

I made a change to my ASA firewall last night so it only advertised the addresses of a certain hosts within EIGRP. These hosts sit on the outside interface of my firewall. Basically it didn't work and no routes were advertised for these addresses.

router eigrp 100





interface Ethernet0/0

nameif Outside

security-level 100

ip address

ospf cost 10

Previously I was advertising the whole subnet by using the redistribute connected command. I removed this when trying to advertise the single host address.

The reason for this is so traffic destined for these hosts follows a different path to the rest of the subnet. The next stage was to add a static route on another router to the subnet and redistribute the static route in to EIGRP. Any idea why this hasn't worked?

Is it because within my network we only advertise the network so this wouldn't work. How could I get around this?

The firewall isn't used to connect to the internet. It connects my LAN to another LAN.

Many Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Peter Paluch Tue, 07/28/2009 - 02:20


The "network" command in routing protocol configuration includes only directly connected networks into that protocol. It can not be used to advertise an arbitrary host IP address, even within a directly connected network.

You obviously need to advertise a bunch of host IP routes (with the /32 prefix). The only way I can think of right now is defining those host IP routes statically in your routing table pointing out the correct interface and then redistributing them into the EIGRP. In IOS, if you define a static route with an outgoing interface without a next hop address, that route is considered to be a directly connected network as well and can be included into the EIGRP using the "network" command as any other directly connected network (i.e. not necessary to redistribute it). I am not sure if this can be done in ASA OS but at least the trick with redistribution should work.

Best regards,


darrenriley5 Tue, 07/28/2009 - 04:50


Don't think I can specify an interface on an ASA, doesn't give me the option.

Could you confirm my understanding is correct even though it doesn't seem possible.

route Outside interface e1/0

router eigrp 100

redistribute sttatic

My firewall connects directly to a router on my LAN. Could I add static routes on the router to these hosts which point to the internal address of my firewall and redistribute those into eigrp?



Peter Paluch Tue, 07/28/2009 - 05:48

Hi Darren,

Unfortunately I do not have an ASA to do greater experiments but I do believe that it will allow you to define static routes as follows:

route Outside

You simply use the host's own IP address as the next hop. Then you can redistribute it into EIGRP - or perhaps try first using the "network" command exactly as you originally suggested, and use redistribution only if the "network" command doesn't work.

Best regards,



This Discussion