New Member

FWSM: OSPF

Can you configure OSPF on the FWSM? VLAN 199 & 200 are configured behind the FWSM and I want them to be routed as part of OSPF 99.

Please advise.

### 6500 ###

interface Vlan100
 description "MGMT"
 ip address 10.26.20.1 255.255.255.0

interface Vlan199
 description "Voice"
 ip address 10.27.0.2 255.255.254.0

interface Vlan200
 description "DATA"
 ip address 10.27.2.2 255.255.255.0

router ospf 99
 router-id 10.26.28.4
 log-adjacency-changes
 area 0 authentication message-digest
 redistribute connected subnets
 network 10.26.0.16 0.0.0.3 area 0
 network 10.26.0.20 0.0.0.3 area 0

### 6500 + FWSM ###

### 6500 ###

no aaa new-model

firewall module 4 vlan-group 1
firewall vlan-group 1 100,199,200

interface Vlan100
 description "MGMT"
 ip address 10.26.20.1 255.255.255.0

router ospf 99
 router-id 10.26.28.4
 log-adjacency-changes
 area 0 authentication message-digest
 redistribute connected subnets
 network 10.26.0.16 0.0.0.3 area 0
 network 10.26.0.20 0.0.0.3 area 0

### FWSM ###

interface Vlan100
 nameif OUTSIDE
 security-level 0
 ip address 10.26.20.250 255.255.255.0
!
interface Vlan199
 nameif CM-VOICE
 security-level 100
 ip address 10.27.0.1 255.255.254.0
!
interface Vlan200
 nameif CM-SERVERS
 security-level 100
 ip address 10.27.2.1 255.255.255.0

route OUTSIDE 0.0.0.0 0.0.0.0 10.26.20.1 1

regards,

C

2 REPLIES
New Member

Re: FWSM: OSPF

In single context mode, the routed firewall supports OSPF and RIP (in passive mode).

Multiple context mode supports static routes only.

Configure the static routes and redistribute them into OSPF.

Hope this will help you.

Regards,

Dinesh

Hall of Fame Super Blue

Re: FWSM: OSPF

Colm

Is it safe to assume that the section marked "### 6500 ###" is the config prior to migrating to the FWSM?

If so, yes, you can run OSPF on the FWSM as long as you are running in single context mode.

However, I'm a little confused with this config on the 6500:

interface Vlan100
 description "MGMT"
 ip address 10.26.20.1 255.255.255.0

router ospf 99
 network 10.26.0.20 0.0.0.3 area 0

Is the network statement under ospf 99 meant to match the network of vlan 100? Because it doesn't at the moment. Anyway, your config would look something like

6500
====

router ospf 99
 network 10.26.20.0 0.0.0.255 area 0 <-- assuming this is indeed in area 0

FWSM -

router ospf 99
 ! the FWSM network command takes a subnet mask, not an IOS wildcard mask
 network 10.26.20.0 255.255.255.0 area 0
 network 10.27.0.0 255.255.254.0 area 0
 network 10.27.2.0 255.255.255.0 area 0

You may also want to set the OSPF priority of the FWSM interfaces to 0 to ensure that they are not elected as the BDR/DR on the Ethernet segment.

Additional OSPF config options can be found here -

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ip.html#wp1094564

Jon
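
Added example, not part of the replies above or of Cisco's documentation: the VLAN 100 adjacency with the two details the thread mentions but does not spell out, the priority 0 setting and the MD5 key that `area 0 authentication message-digest` on the 6500 requires of every area 0 neighbor. Key ID 1 and `<SHARED-KEY>` are placeholders, and only the lines relevant to the adjacency are shown; the rest of each existing config stays as posted.

```cisco
! ---- 6500 (IOS) ----
! Added example. Key ID 1 and <SHARED-KEY> are placeholders.
interface Vlan100
 description "MGMT"
 ip address 10.26.20.1 255.255.255.0
 ! area 0 already requires MD5, so this segment needs a key as well
 ip ospf message-digest-key 1 md5 <SHARED-KEY>
!
router ospf 99
 area 0 authentication message-digest
 ! wildcard mask on IOS
 network 10.26.20.0 0.0.0.255 area 0
!
! ---- FWSM (single context mode) ----
interface Vlan100
 nameif OUTSIDE
 security-level 0
 ip address 10.26.20.250 255.255.255.0
 ! priority 0: never elected DR/BDR on the shared segment
 ospf priority 0
 ! key ID and key must match the 6500, otherwise no adjacency forms
 ospf message-digest-key 1 md5 <SHARED-KEY>
!
router ospf 99
 ! subnet masks on the FWSM, not wildcard masks
 network 10.26.20.0 255.255.255.0 area 0
 network 10.27.0.0 255.255.254.0 area 0
 network 10.27.2.0 255.255.255.0 area 0
 area 0 authentication message-digest
```

`show ospf neighbor` on the FWSM and `show ip ospf neighbor` on the 6500 confirm whether the adjacency reaches FULL; a key or area-authentication mismatch leaves the neighbor list empty.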
