Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA Prefix-List

Hi,

R1 (Area 0 )---------- ASA -----------(Area 1) R2

3.3.3.3

4.4.4.4

I want to apply prefix-list to OSPF process 1 on cisco ASA which deny advertising 3.3.3.3 and 4.4.4.4

prefix-list abc deny 3.3.3.3/24

prefix-list abc deny 4.4.4.4/24

prefix-list abd permit 0.0.0.0/0 le 32

router ospf 1

network 1.1.1.1 255.255.255.0 area 0

network 2.2.2.2 255.255.255.0 area 1

area 0 filter-list prefix abc in

i have apply these config but still in routing table of R2 i can see 3.3.3.3 and 4.4.4.4.

5 REPLIES
Cisco Employee

ASA Prefix-List

Hello,

What I would do is to try to sepparate the two areas into process and then do the filter.

I tried and it worked fine.

IE:

R1:

router ospf 1

log-adjacency-changes

network 3.3.3.3 0.0.0.0 area 0

network 4.4.4.4 0.0.0.0 area 0

network 5.5.5.5 0.0.0.0 area 0

network 10.1.1.0 0.0.0.255 area 0

ASA:

router ospf 1

network 10.1.1.0 255.255.255.0 area 0

log-adj-changes

!

router ospf 2

network 10.2.2.0 255.255.255.0 area 1

log-adj-changes

redistribute ospf 1 subnets route-map ROUTES

route-map ROUTES, permit, sequence 10

  Match clauses:

    ip address (access-lists): 1

  Set clauses:

access-list 1 line 1 standard deny host 3.3.3.3 (hitcnt=4) 0xcb00e56e

access-list 1 line 2 standard deny host 4.4.4.4 (hitcnt=4) 0x57182e7b

access-list 1 line 3 standard permit any (hitcnt=3) 0x9f9fa842

R2

router ospf 1

log-adjacency-changes

no auto-cost

network 10.2.2.0 0.0.0.255 area 1

Routing Table:

     5.0.0.0/32 is subnetted, 1 subnets

O E2    5.5.5.5 [110/11] via 10.2.2.2, 00:00:40, FastEthernet0/0

     10.0.0.0/24 is subnetted, 2 subnets

C       10.2.2.0 is directly connected, FastEthernet0/0

O E2    10.1.1.0 [110/10] via 10.2.2.2, 00:00:40, FastEthernet0/0

Let me know if that makes sesne.

Mike

Mike
New Member

ASA Prefix-List

Hi Mike,

I am asked to do it with prefix-list, not route map.

Is it possible to achieve it ?

Cisco Employee

ASA Prefix-List

The way you are doing it no. That would only prevent it from appearing on the ASA. Nothing to do with redistribute.

Mike

Mike
Cisco Employee

try the following: prefix

try the following:

 

prefix-list PLIST_A1_IN deny 3.3.3.3/32

prefix-list PLIST_A1_IN deny 4.4.4.4/32

prefix-list PLIST_A1_IN permit 0.0.0.0/0 le 32

 

router ospf 1

area 1 filter-list prefix PLIST_A1_IN in

 

*Note:  The above feature only applies to InterArea LSA (type 3) only.  If the 3.3.3.3 & 4.4.4.4. prefixes are advertised using different LSAs, filter-lists will not do anything.

 

- sandeep

Hi,Try the following:area 0

Hi,

Try the following:

area 0 range 3.3.3.3 255.255.255.255 not-advertise

714
Views
10
Helpful
5
Replies
CreatePlease to create content