Cisco Support Community
New Member

OSPF route filtering on ASA

Hi,

Could someone guide me on how I can filter the OSPF routes on the Cisco ASA inside interface? I want only my private network to be part of the OSPF configured on the ASA, but I am getting other routes too from external networks. Please suggest.

Thanks,

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: OSPF route filtering on ASA

Hello,

Unfortunately, there does not seem to be an option on the firewall to filter routes. So, you might want to do it on the inside router itself. You can use "distribute-list out ".

You need to make sure that this configuration does not affect any of your other devices.

Hope this helps.

Regards,

NT

3 REPLIES
New Member

Re: OSPF route filtering on ASA

Hi NT,

Those are Type-5 AS External Link States and I tried distribute-list out , but it's not allowing me; with and without the interface command it's not resolved. I can see those routes in the ASA. I tried distribute-list in and out both on the internal router (R3) but no help.

I am attaching the topology too. I want a few routes of Type-5 LSAs to stop coming to R3 as well as the FW. After applying distribute-list in, those routes are not there in sh ip route. But in sh ip ospf database, I can see those routes.

Please suggest how this can be possible.

Thanks,

Cisco Employee

Re: OSPF route filtering on ASA

I would suggest posting this query in the routing community,

because I had a similar issue and I was told by a few routing experts in my org that the OSPF architecture is such that we cannot block incoming routes from being sent across the firewall.

What I mean is we cannot filter OSPF updates like we do EIGRP; the only way to stop updates coming from a different network is by stopping them at the source.

But as I said, again, I am not a routing expert, so I would suggest that this query be opened in the routing community.
