Routing Protocols

As introduced in Chapter 6, "IP Routing", Cisco ASA supports RIP and OSPF. The following sections cover routing protocol configuration using ASDM.

RIP

To set up the RIP routing protocol, navigate to Configuration > Features > Routing > Routing > RIP. In Figure 19-11, SecureMe wants to configure the inside interface of Cisco ASA for RIP Version 2 with MD5 authentication. The authentication key is cisco123 and the key ID is 123. Cisco ASA will only inject a default route to the RIP-enabled devices toward the inside interface.

Figure 19-11. Setting Up RIP as the Routing Protocol

Example 19-4 shows the RIP configuration generated by ASDM.

Example 19-4. RIP Configuration Generated by ASDM

rip inside default version 2 authentication MD5 cisco123 123
rip inside passive version 2 authentication MD5 cisco123 123

OSPF

SecureMe is now planning to deploy OSPF in its inside network for dynamic routing. To set up OSPF, navigate to Configuration > Features > Routing > Routing > OSPF > Setup and click the Process Instances tab. You can enable OSPF globally and specify the OSPF process ID. Before you can set up OSPF, you need to disable RIP on Cisco ASA, because you cannot enable both routing protocols simultaneously. After you set up the process ID, click the Area/Networks tab to specify the OSPF area ID, as shown in Figure 19-12, in which the OSPF Process is set to 100 and the OSPF Area ID is 0. Because SecureMe wants to run OSPF on the inside interface, which has an IP address of 209.165.202.130, SecureMe's administrator has specified the IP address with a host mask of 255.255.255.255 in Figure 19-12.

Figure 19-12. Setting Up OSPF as the Routing Protocol

Example 19-5 shows the basic OSPF configuration that is generated by ASDM.

Example 19-5. OSPF Configuration Generated by ASDM

router ospf 100
 log-adj-changes
 area 0
 network 209.165.202.130 255.255.255.255 area 0

Note

You can configure either RIP or OSPF, but not both at the same time, as the routing protocol on Cisco ASA.
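
The following audit script is an added example, not part of the original text or of ASDM's output. It checks RIP lines in the form shown in Example 19-4 for version 2 with MD5 authentication and flags a configuration that contains both RIP and OSPF; the function name audit_routing and both sample configurations are assumptions constructed for illustration.

```python
import re

# Syntax as it appears in Example 19-4:
#   rip <interface> default|passive version <n> authentication <mode> <key> <key-id>
RIP_RE = re.compile(
    r"^rip\s+(?P<ifc>\S+)\s+(?P<role>default|passive)"
    r"(?:\s+version\s+(?P<ver>[12]))?"
    r"(?:\s+authentication\s+(?P<mode>\S+)\s+(?P<key>\S+)\s+(?P<kid>\d+))?\s*$",
    re.IGNORECASE,
)
OSPF_RE = re.compile(r"^router\s+ospf\s+\d+\s*$", re.IGNORECASE)

def audit_routing(config: str) -> list[str]:
    """Return findings for the RIP/OSPF lines of an ASA configuration."""
    findings, rip_seen, ospf_seen = [], False, False
    for raw in config.splitlines():
        line = raw.strip()
        if OSPF_RE.match(line):
            ospf_seen = True
            continue
        if not line.lower().startswith("rip "):
            continue
        rip_seen = True
        m = RIP_RE.match(line)
        if not m:
            findings.append(f"unparsed RIP line: {line}")
            continue
        # The key itself is deliberately never echoed into a finding.
        where = f"rip {m['ifc']} {m['role'].lower()}"
        if m["ver"] != "2":
            findings.append(f"{where}: not RIP version 2")
        if m["mode"] is None:
            findings.append(f"{where}: no authentication")
        elif m["mode"].lower() != "md5":
            findings.append(f"{where}: authentication is {m['mode']}, not MD5")
    if rip_seen and ospf_seen:
        findings.append("RIP and OSPF both configured; only one may be enabled")
    return findings

# Constructed samples: GOOD mirrors Example 19-4, BAD is a made-up weak variant.
GOOD = """rip inside default version 2 authentication MD5 cisco123 123
rip inside passive version 2 authentication MD5 cisco123 123"""
BAD = """rip inside default version 1
rip inside passive version 2 authentication text cisco123 123
router ospf 100"""

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_routing(cfg) or "no findings")
```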

 

Multicast

As discussed in Chapter 6, Cisco ASA supports multicast routing and uses PIM Sparse mode for dynamic routing. You can enable multicast routing by navigating to Configuration > Features > Routing > Multicast and clicking Enable Multicast Routing, as shown in Figure 19-13.

Figure 19-13. Enabling Multicast Routing

As the administrator, you can set up PIM Sparse mode by specifying a Rendezvous Point under Configuration > Features > Routing > Multicast > PIM > Rendezvous Points, as shown in Figure 19-14.

Figure 19-14. Specifying a Rendezvous Point

In Figure 19-14, SecureMe is using a Cisco IOS router at 192.168.10.2 as the Rendezvous Point and ASDM is being set up to use this address for all the multicast addresses. Example 19-6 shows the multicast configuration generated by ASDM.

Example 19-6. Multicast Configuration Generated by ASDM

multicast-routing
pim old-register-checksum
pim rp-address 192.168.10.2 bidir
