FWSM: OSPF

Oct 5th, 2009

Can you configure OSPF on the FWSM? VLANs 199 & 200 are configured behind the FWSM and I want them to be routed as part of OSPF 99.


Please advise.


### 6500 ###

interface Vlan100
 description "MGMT"
 ip address 10.26.20.1 255.255.255.0

interface Vlan199
 description "Voice"
 ip address 10.27.0.2 255.255.254.0

interface Vlan200
 description "DATA"
 ip address 10.27.2.2 255.255.255.0

router ospf 99
 router-id 10.26.28.4
 log-adjacency-changes
 area 0 authentication message-digest
 redistribute connected subnets
 network 10.26.0.16 0.0.0.3 area 0
 network 10.26.0.20 0.0.0.3 area 0



### 6500 + FWSM ###

### 6500 ###

no aaa new-model
firewall module 4 vlan-group 1
firewall vlan-group 1 100,199,200

interface Vlan100
 description "MGMT"
 ip address 10.26.20.1 255.255.255.0

router ospf 99
 router-id 10.26.28.4
 log-adjacency-changes
 area 0 authentication message-digest
 redistribute connected subnets
 network 10.26.0.16 0.0.0.3 area 0
 network 10.26.0.20 0.0.0.3 area 0

### FWSM ###

interface Vlan100
 nameif OUTSIDE
 security-level 0
 ip address 10.26.20.250 255.255.255.0
!
interface Vlan199
 nameif CM-VOICE
 security-level 100
 ip address 10.27.0.1 255.255.254.0
!
interface Vlan200
 nameif CM-SERVERS
 security-level 100
 ip address 10.27.2.1 255.255.255.0

route OUTSIDE 0.0.0.0 0.0.0.0 10.26.20.1 1


regards,

C







dinesh.das Mon, 10/05/2009 - 08:48

In single context mode, the routed firewall supports OSPF and RIP (in passive mode).

Multiple context mode supports static routes only.

Configure the static routes and redistribute them into OSPF.

Hope this will help you.

Regards,

Dinesh

Jon Marshall Mon, 10/05/2009 - 10:06
Colm


Is it safe to assume that the section marked "### 6500 ###" is the config prior to migrating to the FWSM?

If so, yes, you can run OSPF on the FWSM as long as you are running in single context mode.

However, I'm a little confused by this config on the 6500:

interface Vlan100
 description "MGMT"
 ip address 10.26.20.1 255.255.255.0

router ospf 99
 network 10.26.0.20 0.0.0.3 area 0

Is the network statement under ospf 99 meant to match the network of vlan 100? Because it doesn't at the moment. Anyway, your config would look something like:


6500
====

router ospf 99
 network 10.26.20.0 0.0.0.255 area 0 <-- assuming this is indeed in area 0

FWSM
====

router ospf 99
 ! FWSM network statements take a subnet mask, not an IOS wildcard mask
 network 10.26.20.0 255.255.255.0 area 0
 network 10.27.0.0 255.255.254.0 area 0
 network 10.27.2.0 255.255.255.0 area 0


You may also want to set the OSPF priority of the FWSM interfaces to 0 to ensure that they are not elected as the DR/BDR on the Ethernet segment.


Additional OSPF config options can be found here -


http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ip.html#wp1094564


Jon
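The mismatch raised in the reply above (no OSPF network statement matching the Vlan100 address) can be checked mechanically. This is an added example, not part of the original thread: the names `ospf_coverage` and `SAMPLE_6500` are hypothetical, the sample config is constructed from the quoted 6500 excerpt, and the example goes beyond the thread by also handling the subnet-mask form of the statement used on the FWSM. It assumes one primary address per interface and that the first matching statement wins.

```python
import ipaddress

# Constructed sample: the Vlan100 interface and OSPF statements from the
# 6500 excerpt quoted in the reply, re-indented.
SAMPLE_6500 = """\
interface Vlan100
 description "MGMT"
 ip address 10.26.20.1 255.255.255.0
!
router ospf 99
 network 10.26.0.16 0.0.0.3 area 0
 network 10.26.0.20 0.0.0.3 area 0
"""

ALL_ONES = 0xFFFFFFFF


def _ip(text):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def ospf_coverage(config, mask_style="wildcard"):
    """Map each addressed interface to the area of the first OSPF network
    statement matching its address, or None if no statement matches.

    mask_style="wildcard": IOS form, set bits are "don't care".
    mask_style="netmask":  FWSM/ASA form, set bits must match.
    """
    addresses, statements, current = {}, [], None
    for line in config.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            current = None                      # end of an interface block
        elif words[0] == "interface" and len(words) > 1:
            current = words[1]
        elif words[:2] == ["ip", "address"] and current and len(words) >= 4:
            addresses[current] = _ip(words[2])
        elif words[0] == "network" and len(words) == 5 and words[3] == "area":
            care = _ip(words[2])
            if mask_style == "wildcard":
                care ^= ALL_ONES                # invert to "bits that must match"
            statements.append((_ip(words[1]), care, words[4]))
    return {name: next((area for base, care, area in statements
                        if (addr ^ base) & care == 0), None)
            for name, addr in addresses.items()}


if __name__ == "__main__":
    for name, area in ospf_coverage(SAMPLE_6500).items():
        print(name, "-> area", area if area is not None else "none (not in OSPF)")
```

An interface that maps to `None` will not form adjacencies, so on the FWSM its inside networks would only be reachable through static routes.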


