06-18-2010 10:35 AM - edited 03-04-2019 08:49 AM
Here is the environment :
Loopback0 172.16.255.1/32                    Loopback0 172.16.255.1/32
          |                                              |
int f0/0 3745 ------------- l2 ------------- 6509 Int f7/2 10.1.0.80
10.1.0.51                                     |
                                              | int f7/1 172.16.255.253/30
                                              |
                                           Layer 3
                                              |
                                              | inside 172.16.255.254/30
                                           ASA5520
I want to use OSPF between the 3 devices. My first question is about running it between the 3745 and the 6509. I'm having trouble understanding how to configure this; my thinking is that if I advertise the 10.1. network it may cause routing issues. Thanks in advance for any help.
06-18-2010 10:41 AM
Why would it cause routing issues?
If you don't include network statements for the 10.1.0.0 network on the 3745 and the 6500 then OSPF adjacency will be formed between the 2 routers so the 3745 will not be aware of any of the networks past the 6500 and the 6500 will not be aware of the loopback0 on the 3745.
Jon
06-18-2010 10:51 AM
Thanks Jon, makes sense. To get them to exchange OSPF info, would I use the neighbor command?
06-18-2010 11:00 AM
Hello Gizbri,
OSPF is classless by default, so it does not perform automatic summarization at the major network transition between networks 10/8 and 172.16/16.
As Jon has noted, you have the ability to decide to run OSPF only on a subset of each device's interfaces.
If you don't want this LAN segment to access, or to be accessed from, the internet or another company (whatever is after the ASA 5520), it is enough not to include 10.1.0.0 in NAT commands or in the commands for setting up LAN-to-LAN IPsec VPN(s).
If there are other networks behind/upstream of the C3745 that you would like to be advertised in OSPF and known at the ASA, then according to your network diagram you need to run OSPF on the 10.1.0.0/xx network, or you will have only one OSPF adjacency, between the C6509 and the ASA.
Since the ASA and the C3745 router are in different IP subnets, they cannot build an OSPF adjacency even if they can see each other's hellos, and OSPF cannot build an adjacency on secondary IP addresses as could be done with RIP, so there is no easy fix.
If you move the IP address that you have given to the C6509 L3 interface to the C3745, you can even use the C6509 only as an L2 switch for a specific VLAN.
So, what are you trying to achieve?
Routing should be fine in almost any case.
Edit:
I understand your question is more basic.
You need something like:
! C3745
router ospf 10
 network 10.1.0.0 0.0.0.255 area 0
 ! other network commands for networks behind C3745 but directly connected to it
 network 10.20.20.0 0.0.0.255 area 0
!
on C6509
router ospf 10
 network 10.1.0.0 0.0.0.255 area 0
 network 172.16.X.Y 0.0.0.3 area 0
on ASA
router ospf 10
 ! the ASA network command takes a subnet mask, not a wildcard mask
 network 172.16.X.Y 255.255.255.252 area 0
The network area command is the basic command to exchange hellos; both devices on a common link need it with matching parameters (area number, area type and others).
Hope to help
Giuseppe
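The adjacency reasoning in the reply above, worked through as an added example that is not part of the original posts: it matches each interface from the diagram against the posted network statements and reports which device pairs share an OSPF-enabled subnet and area. The /24 mask on the 10.1.0.x segment and the value 172.16.255.252 for 172.16.X.Y are assumptions, and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Interfaces from the thread's diagram. The /24 on 10.1.0.x is an assumption
# (the thread only shows the 0.0.0.255 wildcard); the /30 is as posted.
INTERFACES = {
    "C3745": ["10.1.0.51/24"],
    "C6509": ["10.1.0.80/24", "172.16.255.253/30"],
    "ASA": ["172.16.255.254/30"],
}

# (address, wildcard, area) per device. 172.16.X.Y is assumed to be
# 172.16.255.252; the ASA entry is written in wildcard form for uniformity.
NETWORK_STATEMENTS = {
    "C3745": [("10.1.0.0", "0.0.0.255", 0)],
    "C6509": [("10.1.0.0", "0.0.0.255", 0), ("172.16.255.252", "0.0.0.3", 0)],
    "ASA": [("172.16.255.252", "0.0.0.3", 0)],
}

def wildcard_match(ip, base, wildcard):
    """True when ip equals base on every bit the wildcard does not mask out."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    addr, net = int(ipaddress.IPv4Address(ip)), int(ipaddress.IPv4Address(base))
    return (addr & care) == (net & care)

def ospf_interfaces(interfaces, statements):
    """Return {device: [(IPv4Interface, area)]} for interfaces a statement covers."""
    enabled = {}
    for dev, addrs in interfaces.items():
        enabled[dev] = []
        for addr in addrs:
            iface = ipaddress.ip_interface(addr)
            for base, wildcard, area in statements.get(dev, []):
                if wildcard_match(str(iface.ip), base, wildcard):
                    enabled[dev].append((iface, area))
                    break  # first matching statement decides the area
    return enabled

def possible_adjacencies(interfaces, statements):
    """Device pairs with OSPF-enabled interfaces in the same subnet and area."""
    enabled = ospf_interfaces(interfaces, statements)
    pairs = set()
    for a, b in combinations(sorted(enabled), 2):
        for iface_a, area_a in enabled[a]:
            for iface_b, area_b in enabled[b]:
                if iface_a.network == iface_b.network and area_a == area_b:
                    pairs.add((a, b))
    return pairs
```

Dropping the 10.1.0.0 statements from the input leaves only the C6509 to ASA pair, and the C3745 and ASA never pair because they share no subnet.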
06-18-2010 11:35 AM
Giuseppe - thanks for the response and explanation. Basically I have networks on the 3745 (static, BGP and EIGRP), directly connected networks on the 6509 and VPN networks on the ASA. With growth and re-design I wanted to eliminate putting static routes on each device and redistribute some of the other connected networks; OSPF seems to be the best option. Thank you for the example, it gives me a jumping-off point.
06-18-2010 11:53 AM
Hello Gizbri,
You will need to add redistribute commands in order to inject BGP and static routes into the OSPF domain:
router ospf 10
 redistribute bgp XX subnets
 redistribute static subnets
C6500
router ospf 10
 redistribute static subnets
The ASA may need to redistribute static routes for remote sites in the same way.
The subnets keyword is very important to correctly import routes into OSPF, or it will auto-summarize to major networks (class A, B, C).
Hope to help
Giuseppe