Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5326
Views
0
Helpful
3
Replies

OSPF route filtering on ASA

Go to solution
winpwnkmr
Level 1
Level 1

‎07-15-2010 10:28 AM - edited ‎03-11-2019 11:12 AM

Hi,

Could someone guide me how can I filter the OSPF routes in cisco ASA inside interface. I want only my private network be part of OSPF configured on ASA. But I am getting other routes too from external networks. Pls. suggest.

Thanks,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee

‎07-15-2010 02:58 PM

Hello,

Unfortunately, there does not seem to be an option on the firewall to filter routes. So, you might want to do it on the inside router itself. You can use "distribute-list out ".

You need to make sure that this configuration does not affect any of your other devices.

Hope this helps.

Regards,

NT

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee

‎07-15-2010 02:58 PM

Hello,

Unfortunately, there does not seem to be an option on the firewall to filter routes. So, you might want to do it on the inside router itself. You can use "distribute-list out ".

You need to make sure that this configuration does not affect any of your other devices.

Hope this helps.

Regards,

NT

0 Helpful

Go to solution
winpwnkmr
Level 1
Level 1
In response to Nagaraja Thanthry

‎07-16-2010 02:06 AM

Hi NT,

Those are Type-5 AS External Link States and I tried distribute-list out , but it's not allowing me with and without interface command it's not resolved. I can see those routes in ASA. I tried distribute-in and out both on internal router (R3) but no help.

I am attching the topology too. I want few routes of Type-5 LSA's to stop to coming on R3 as well as FW. After applying distribut-list in, those routes are not there in sh ip route. But in sh ip ospf database, i can see those routes.

Pls. suggest how this can be possible.

Thanks,

Preview file
29 KB
0 Helpful

Go to solution
Jitendriya Athavale
Cisco Employee
Cisco Employee
In response to winpwnkmr

‎07-18-2010 12:15 AM

i would suggest posting this query in routing community

because i had a similar issue and i was told by few routing experts in my org that OSPF architecture is such that we cannot block incoming routes from being sent accross firewall

what i mean is we cannot filter ospf updates like we do eigrp, the only way to stop updates coming from a different network is by stopping them at source

but as i said again i am not a routing expert, so i would suggest that this query be opened in routing community

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card