Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Problems with ASA5510 and RIP

I've configured rip with these commands:
router rip
network 192.168.2.0
network 192.168.10.0
passive-interface outside
passive-interface dmz
redistribute connected metric transparent
redistribute static metric 2
version 2

!inside:
interface Ethernet 0 
  ip authentication key xxxxxx key_id 1
  ip rip authentication mode md5


And I've put the ASA on a working rip environment. ASA don't receive and send RIP information.

I've tried to enable debug (debug rip events and debug rip database) but there aren't message about rip. It seems like that RIP process don't start.

Any suggestion?

Thanks,
   Fabio

Everyone's tags (3)
6 REPLIES
Hall of Fame Super Blue

Re: Problems with ASA5510 and RIP

fabio.grasso wrote:

I've configured rip with these commands:
router rip
network 192.168.2.0
network 192.168.10.0
passive-interface outside
passive-interface dmz
redistribute connected metric transparent
redistribute static metric 2
version 2

!inside:
interface Ethernet 0 
  ip authentication key xxxxxx key_id 1
  ip rip authentication mode md5

Any suggestion?

Thanks,
   Fabio

Fabio

What is the inside interface IP address on your firewall ?

Jon

Community Member

Re: Problems with ASA5510 and RIP

The internal IP is 192.168.2.201/23

Thanks,

  Fabio

Community Member

Re: Problems with ASA5510 and RIP

Well... this problem is making me crazy.

I've done some test and this is the results: if I change my internal ip to 192.168.2.201/24 the RIP works fine, if I set it to 192.168.2.201/23 (that is the correct netmask), RIP stop to works on that interface.

I've the same problem on ASA5510 and on a Catalyst 3750G (with IPBASE).

I've said that I put this appliance on an existent RIP environment, but in fact there is the first time that we use the RIP o that subnet (all the other router and switch with RIP are in another network that we use for the comunication between our branch offices).

What I don't understand is why we have this behavior. RIP v 1 is a classful protocol, but v 2 is classless so I suppose that works fine also with supernet/subnet.


Any suggestion?

Thanks,

   Fabio

Re: Problems with ASA5510 and RIP

Hi,

as per your post, if you have changed the mask, then rip works fine...suspecting the interface config of the other end.

what is the mask you assigned the other end of firewall(inside) interface

Thanks

Karuppu

Re: Problems with ASA5510 and RIP

Hi,

as per your post, if you have changed the mask, then rip works fine...suspecting the interface config of the other end.

what is the mask you assigned the other end of firewall(inside) interface

Thanks

Karuppu

Community Member

Re: Problems with ASA5510 and RIP

On the firewall the mask is the same as in the switch.

Firewall:

interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.2.201 255.255.254.0 standby 192.168.2.202
rip authentication mode md5
rip authentication key ***** key_id 1
!

router rip
passive-interface dmz
passive-interface dmz2
passive-interface outside
redistribute connected
redistribute static
version 2
!

Switch:

key chain ripkey
key 1
  key-string ******

!

interface Vlan2
ip address 192.168.2.4 255.255.254.0
ip rip authentication mode md5
ip rip authentication key-chain ripkey
!

interface Vlan255
description VLAN RETE COLT
bandwidth 102400
ip address 192.168.255.4 255.255.255.0
ip rip authentication mode md5
ip rip authentication key-chain ripkey
!
router rip
version 2
network 192.168.2.0
network 192.168.255.0
default-information originate
!

interface GigabitEthernet1/0/2

description ASA5510

switchport access vlan 2
switchport mode access
!

In the VLAN 255 the RIP packet are correctly send and received. On VLAN2 no.

The version of ASA is 8.2(2) (afaik the latest rel of 8.2). And the switch is v. 12.2(25r)SEE4. But since I've the same problem on both switch and firewall I suppose that isn't a software bug.

Thanks,

  Fabio

695
Views
0
Helpful
6
Replies
CreatePlease to create content