04-21-2010 07:49 AM - edited 03-11-2019 10:35 AM
I've configured rip with these commands:
router rip
network 192.168.2.0
network 192.168.10.0
passive-interface outside
passive-interface dmz
redistribute connected metric transparent
redistribute static metric 2
version 2
!inside:
interface Ethernet 0
ip authentication key xxxxxx key_id 1
ip rip authentication mode md5
And I've put the ASA in a working RIP environment. The ASA doesn't receive or send RIP information.
I've tried to enable debug (debug rip events and debug rip database) but there aren't any messages about RIP. It seems that the RIP process doesn't start.
Any suggestion?
Thanks,
Fabio
04-21-2010 08:39 AM
fabio.grasso wrote:
I've configured rip with these commands:
router rip
network 192.168.2.0
network 192.168.10.0
passive-interface outside
passive-interface dmz
redistribute connected metric transparent
redistribute static metric 2
version 2
!inside:
interface Ethernet 0
ip authentication key xxxxxx key_id 1
ip rip authentication mode md5
Any suggestion?
Thanks,
Fabio
Fabio
What is the inside interface IP address on your firewall?
Jon
04-21-2010 11:55 AM
The internal IP is 192.168.2.201/23
Thanks,
Fabio
04-21-2010 11:17 PM
Well... this problem is making me crazy.
I've done some tests and these are the results: if I change my internal IP to 192.168.2.201/24, RIP works fine; if I set it to 192.168.2.201/23 (which is the correct netmask), RIP stops working on that interface.
I have the same problem on the ASA5510 and on a Catalyst 3750G (with IPBASE).
I said that I put this appliance in an existing RIP environment, but in fact this is the first time that we use RIP on that subnet (all the other routers and switches with RIP are in another network that we use for the communication between our branch offices).
What I don't understand is why we have this behavior. RIP v1 is a classful protocol, but v2 is classless, so I suppose that it also works fine with supernets/subnets.
Any suggestion?
Thanks,
Fabio
04-21-2010 11:35 PM
Hi,
As per your post, if you change the mask, then RIP works fine... I suspect the interface config of the other end.
What is the mask you assigned at the other end of the firewall (inside) interface?
Thanks
Karuppu
04-21-2010 11:57 PM
On the firewall the mask is the same as in the switch.
Firewall:
interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.2.201 255.255.254.0 standby 192.168.2.202
rip authentication mode md5
rip authentication key ***** key_id 1
!
router rip
passive-interface dmz
passive-interface dmz2
passive-interface outside
redistribute connected
redistribute static
version 2
!
Switch:
key chain ripkey
key 1
key-string ******
!
interface Vlan2
ip address 192.168.2.4 255.255.254.0
ip rip authentication mode md5
ip rip authentication key-chain ripkey
!
interface Vlan255
description VLAN RETE COLT
bandwidth 102400
ip address 192.168.255.4 255.255.255.0
ip rip authentication mode md5
ip rip authentication key-chain ripkey
!
router rip
version 2
network 192.168.2.0
network 192.168.255.0
default-information originate
!
interface GigabitEthernet1/0/2
description ASA5510
switchport access vlan 2
switchport mode access
!
In VLAN 255 the RIP packets are correctly sent and received. On VLAN2 they are not.
The version of the ASA is 8.2(2) (afaik the latest rel of 8.2). And the switch is v. 12.2(25r)SEE4. But since I have the same problem on both the switch and the firewall, I suppose that it isn't a software bug.
Thanks,
Fabio