Problems with ASA5510 and RIP

Fabio Grasso

I've configured RIP with these commands:
router rip
network 192.168.2.0
network 192.168.10.0
passive-interface outside
passive-interface dmz
redistribute connected metric transparent
redistribute static metric 2
version 2

!inside:
interface Ethernet 0 
  ip authentication key xxxxxx key_id 1
  ip rip authentication mode md5


And I've put the ASA in a working RIP environment. The ASA doesn't receive or send RIP information.

I've tried to enable debug (debug rip events and debug rip database) but there aren't any messages about RIP. It seems that the RIP process doesn't start.

Any suggestion?

Thanks,
   Fabio

Jon Marshall

fabio.grasso wrote:

I've configured rip with these commands:
router rip
network 192.168.2.0
network 192.168.10.0
passive-interface outside
passive-interface dmz
redistribute connected metric transparent
redistribute static metric 2
version 2

!inside:
interface Ethernet 0 
  ip authentication key xxxxxx key_id 1
  ip rip authentication mode md5

Any suggestion?

Thanks,
   Fabio

Fabio

What is the inside interface IP address on your firewall?

Jon

The internal IP is 192.168.2.201/23

Thanks,

  Fabio

Fabio Grasso

Well... this problem is making me crazy.

I've done some tests and these are the results: if I change my internal IP to 192.168.2.201/24, RIP works fine; if I set it to 192.168.2.201/23 (which is the correct netmask), RIP stops working on that interface.

I have the same problem on the ASA5510 and on a Catalyst 3750G (with IPBASE).

I said that I put this appliance in an existing RIP environment, but in fact this is the first time that we use RIP on that subnet (all the other routers and switches with RIP are in another network that we use for communication between our branch offices).

What I don't understand is why we have this behavior. RIP v1 is a classful protocol, but v2 is classless, so I suppose that it works fine with supernets/subnets too.


Any suggestion?

Thanks,

   Fabio

Hi,

As per your post, if you have changed the mask, then RIP works fine... I suspect the interface config of the other end.

What is the mask you assigned to the other end of the firewall (inside) interface?

Thanks

Karuppu

On the firewall the mask is the same as in the switch.

Firewall:

interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.2.201 255.255.254.0 standby 192.168.2.202
rip authentication mode md5
rip authentication key ***** key_id 1
!

router rip
passive-interface dmz
passive-interface dmz2
passive-interface outside
redistribute connected
redistribute static
version 2
!

Switch:

key chain ripkey
key 1
  key-string ******

!

interface Vlan2
ip address 192.168.2.4 255.255.254.0
ip rip authentication mode md5
ip rip authentication key-chain ripkey
!

interface Vlan255
description VLAN RETE COLT
bandwidth 102400
ip address 192.168.255.4 255.255.255.0
ip rip authentication mode md5
ip rip authentication key-chain ripkey
!
router rip
version 2
network 192.168.2.0
network 192.168.255.0
default-information originate
!

interface GigabitEthernet1/0/2
description ASA5510
switchport access vlan 2
switchport mode access
!

In VLAN 255 the RIP packets are correctly sent and received. On VLAN 2, no.

The version of the ASA is 8.2(2) (afaik the latest release of 8.2), and the switch is v. 12.2(25r)SEE4. But since I have the same problem on both the switch and the firewall, I suppose that it isn't a software bug.

Thanks,

  Fabio
