Does the ASA support no auto-summary and CIDR?

Answered question
Sep 19th, 2011

Hi everybody,

I'm wondering if I can do the following deployment using a Cisco ASA5510 Security Plus.

At this moment I have two interfaces in use: one (outside) with the IP 172.16.21.254/24 and the other (inside) with the IP 192.168.4.1/24. Now the customer needs to connect another network that works with the IP segment 192.168.0.0/22.

The IP segment 192.168.0.0/22 goes from 192.168.0.1 to 192.168.3.254, which means that there is no overlap with the network segment 192.168.4.0/24. My question is: if I configure another interface in the ASA that works in the segment 192.168.0.0/22, will the routing table auto-summarize the network and merge it with the network 192.168.4.0, or will it leave the networks apart?

I don't use dynamic routing protocols, but I cannot make the changes if I have doubts, because the network 192.168.0.0/22 is the network for the Factory Automation Systems.

Thanks and Regards

Jose

Correct Answer
Itzcoatl Espinosa Tue, 09/20/2011 - 09:31

José,

Regarding your question, the ASA will be able to populate the routing table with both networks; as they have different prefix lengths, they should be considered different.

This can be confirmed with the following documentation.

If the two routes have different network prefix lengths (network masks), then both routes are considered unique and are entered in to the routing table. The packet forwarding logic then determines which of the two to use.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ip.html#wp1107880

The design should work as long as there is no overlap on the networks, which you have already confirmed. The ASA will not auto summarize the networks.

Thanks,

Itzcoatl
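
The overlap check and route selection discussed in this thread, as an added example that is not part of either post and not Cisco code: it models only connected routes with Python's `ipaddress` module, using the addresses from the question. The interface name `factory` and the `/21` counterexample are assumptions made for illustration.

```python
import ipaddress

# Interface addresses from the question; .network gives the connected route.
EXISTING = {
    "outside": ipaddress.ip_interface("172.16.21.254/24").network,
    "inside": ipaddress.ip_interface("192.168.4.1/24").network,
}


def find_overlaps(existing, candidate):
    """Return the names of existing interface networks that overlap candidate."""
    cand = ipaddress.ip_network(candidate, strict=True)
    return sorted(name for name, net in existing.items() if net.overlaps(cand))


def plan(existing, name, candidate):
    """Return the connected-route table after adding candidate, or refuse it."""
    clashes = find_overlaps(existing, candidate)
    if clashes:
        raise ValueError(f"{candidate} overlaps {', '.join(clashes)}")
    table = dict(existing)
    table[name] = ipaddress.ip_network(candidate, strict=True)
    return table


def lookup(table, destination):
    """Longest-prefix match: return the interface owning destination, or None."""
    dst = ipaddress.ip_address(destination)
    matches = [(net.prefixlen, name) for name, net in table.items() if dst in net]
    return max(matches)[1] if matches else None


if __name__ == "__main__":
    # "factory" is a hypothetical name for the new interface.
    table = plan(EXISTING, "factory", "192.168.0.0/22")
    for ip in ("192.168.3.254", "192.168.4.10", "172.16.21.7", "10.0.0.1"):
        print(f"{ip:15} -> {lookup(table, ip)}")
    # Counterexample: a /21 spans 192.168.0.0-192.168.7.255 and would overlap inside.
    print("192.168.0.0/21 overlaps:", find_overlaps(EXISTING, "192.168.0.0/21"))
```
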
