Translate

Sunday, 31 January 2016

ASA ROUTE REDISTRUBUTION

ASA has configured to route addresses via RIP, EIGRP, OSPF and we need to redistribute between those:


#conf t (Configuration mode)
#router rip (Defining routing protocol)
#redistribute eigrp 100 metric 1 (Telling EIGRP 100 that i learn in metric of 1)
#redistribute ospf 1 metric 1 (Telling OSPF 1 that i learn in metric of 1)
#exit

#router ospf 1 (Defining routing protocol)
#redistribute rip subnets (Telling RIP that i learn in Subnet)
#redistribute eigrp 100 metric 1 (Telling EIGRP 100 that i learn in Subnet)


#router eigrp 100 (Defining routing protocol)
#redistribute RIP metric 1 1 1 1 1 (Defining RIP that i learn in metric of K5)
#redistribute OSPF 1 metric 1 1 1 1 1 (Defining OSPF that i learn in metric of K5) 

VERIFICATION

#sh  route

ASA ROUTING STATIC

ASA SUPPORTS IPV4 ROUTING VIA ...

1. Static routes
2. RIP V1/V2
3. OSPF
4. EIGRP & ..

STATIC TO POINT  INSIDE GATE WAY 100.100.100.254 (To route 100.100.100.100/24)

#Conf t (Configuration mode)
#route Inside 100.100.100.100 255.255.255.0 100.100.100.254 (Defining route)

We can change interface names as per our static requirements

VERIFICATION

#sh route inside

#sh route



ASA ROUTING RIP

 ASA SUPPORTS IPV4 ROUTING VIA ...

1. Static routes
2. RIP V1/V2
3. OSPF
4. EIGRP & ..

RIP (To route 100.100.100.100/24)

#conf t (Configuration mode)
#router rip  (Defining RIP as routing protocol) 
#no auto-summary (Disabling auto-summary)
#version 1 / 2
#network 100.100.100.100 (Advertising Network)


AUTHENTICATING RIP
#conf t (Configuration mode)
#int gi1 (interface to configure)
#rip authentication mode md5 (Defining rip to authenticate via md5)
#rip authentication key CcieSec@123 key-id 1 (Defining key id & secret)
VERIFICATION
#sh run | grep rip

ASA ROUTING EIGRP

ASA SUPPORTS IPV4 ROUTING VIA ...

1. Static routes
2. RIP V1/V2
3. OSPF
4. EIGRP & ..

EIGRP (To route 100.100.100.100/24)

#conf t (Configuration mode)
#router eigrp 100 (Defining process ID) 
#no auto-summary (Disabling auto-summary)
#eigrp router-id 1.1.1.1 (Defining router ID)
#network 100.100.100.100 (Advertising Network)

AUTHENTICATING EIGRP

#conf t (Configuration mode)
#int gi1 (interface to configure)
#authentication mode eigrp 100 md5 (Defining EIGRP to authenticate via md5)
#authentication key eigrp 100 CcieSec@123 key-id 1 (Defining key id & secret)


VERIFICATION

#sh run | grep eigrp

ASA ROUTING OSPF

ASA SUPPORTS IPV4 ROUTING VIA ...

1. Static routes
2. RIP V1/V2
3. OSPF
4. EIGRP & ..

OSPF (To route 100.100.100.100/24)

#conf t (Configuration mode)
#router ospf 1 (Calling router ospf mode with process ID as 1)
#router-id 1.1.1.1
#network 100.100.100.100 255.255.255.0 area 0 (Advertising 100.100.100.100/24)

We also have a other way of doing this as:

#interface gi1 (Pre configured)
#ip address 100.100.100.100 255.255.255.0 (Pre configured)
#security level 100 (Pre configured)
#nameif Inside (Pre configured)
#no shut (Pre configured)
#ip ospf 1 area 0 (Stating interface gi1 to be advertised by OSPF)

Verification which interface is been advertised by the ASA by OSPF

#show ospf interface

#show run | grep ospf

WE CAN ALSO AUTHENTICATE OUR LSA

#conf t (Configuration mode)
#int gi 1 (interface to configure)
#ospf authentication message-digest (Asking OSPF LSA to be authenticated by message-digest)
#ospf message-digest-key 1 md5 CcieSec@123 (Stating key to be used in message-digest)

WE CAN ALSO DEFINE WHO WILL BE OUR DR OR BDR BY DEFINING PRIORITY

#conf t (Configuration mode)
#int gi 1 (interface to configure)
#ospf priority 100 (Stating the priority on which DR or BDR is elected)


ASA BASIC INSTALLATION

Most of the basic installation on ASA are as same as our Router configs


Basic Interface configurations includes:
1. IP Addess
2. Security level
3. Naming interface
4. Waking Up the interface

IN THE BELOW EXAMPLE WE WILL CONFIGURE A SUB-INTERFACE

Interface Gi 1.1
Vlan 10
Ip address 100.100.100.100 /24
Security level 100

#configure terminal (Specifying the config mode)
#int gi 1.1 (Dividing the interface for vlan 10 only)
#vlan 10 (Assigning vlan 10 to above interface)
#ip address 100.100.100.100 255.255.255.0 (ip address)
#security-level 100 (Assigning the security level)
#nameif Inside (Naming the Interface)
#no shut (Waking up the interface)
#exit
#wr (Write)

We can also say

#wr mem (Write memory)

COMING BACK TO BASIC

There were lost of up's and down in mind and finally the mind has settled to work again thanks for hanging onn. And hope i will help more by my posts.