Translate

Sunday 31 January 2016

ASA ROUTE REDISTRUBUTION

ASA has configured to route addresses via RIP, EIGRP, OSPF and we need to redistribute between those:


#conf t (Configuration mode)
#router rip (Defining routing protocol)
#redistribute eigrp 100 metric 1 (Telling EIGRP 100 that i learn in metric of 1)
#redistribute ospf 1 metric 1 (Telling OSPF 1 that i learn in metric of 1)
#exit

#router ospf 1 (Defining routing protocol)
#redistribute rip subnets (Telling RIP that i learn in Subnet)
#redistribute eigrp 100 metric 1 (Telling EIGRP 100 that i learn in Subnet)


#router eigrp 100 (Defining routing protocol)
#redistribute RIP metric 1 1 1 1 1 (Defining RIP that i learn in metric of K5)
#redistribute OSPF 1 metric 1 1 1 1 1 (Defining OSPF that i learn in metric of K5) 

VERIFICATION

#sh  route
Posted by at No comments:

ASA ROUTING STATIC

ASA SUPPORTS IPV4 ROUTING VIA ...

1. Static routes
2. RIP V1/V2
3. OSPF
4. EIGRP & ..

STATIC TO POINT  INSIDE GATE WAY 100.100.100.254 (To route 100.100.100.100/24)

#Conf t (Configuration mode)
#route Inside 100.100.100.100 255.255.255.0 100.100.100.254 (Defining route)

We can change interface names as per our static requirements

VERIFICATION

#sh route inside

#sh route



Posted by at No comments:

ASA ROUTING RIP

 ASA SUPPORTS IPV4 ROUTING VIA ...

1. Static routes
2. RIP V1/V2
3. OSPF
4. EIGRP & ..

RIP (To route 100.100.100.100/24)

#conf t (Configuration mode)
#router rip  (Defining RIP as routing protocol) 
#no auto-summary (Disabling auto-summary)
#version 1 / 2
#network 100.100.100.100 (Advertising Network)


AUTHENTICATING RIP
#conf t (Configuration mode)
#int gi1 (interface to configure)
#rip authentication mode md5 (Defining rip to authenticate via md5)
#rip authentication key CcieSec@123 key-id 1 (Defining key id & secret)
VERIFICATION
#sh run | grep rip
Posted by at No comments:

ASA ROUTING EIGRP

ASA SUPPORTS IPV4 ROUTING VIA ...

1. Static routes
2. RIP V1/V2
3. OSPF
4. EIGRP & ..

EIGRP (To route 100.100.100.100/24)

#conf t (Configuration mode)
#router eigrp 100 (Defining process ID) 
#no auto-summary (Disabling auto-summary)
#eigrp router-id 1.1.1.1 (Defining router ID)
#network 100.100.100.100 (Advertising Network)

AUTHENTICATING EIGRP

#conf t (Configuration mode)
#int gi1 (interface to configure)
#authentication mode eigrp 100 md5 (Defining EIGRP to authenticate via md5)
#authentication key eigrp 100 CcieSec@123 key-id 1 (Defining key id & secret)


VERIFICATION

#sh run | grep eigrp
Posted by at No comments:

ASA ROUTING OSPF

ASA SUPPORTS IPV4 ROUTING VIA ...

1. Static routes
2. RIP V1/V2
3. OSPF
4. EIGRP & ..

OSPF (To route 100.100.100.100/24)

#conf t (Configuration mode)
#router ospf 1 (Calling router ospf mode with process ID as 1)
#router-id 1.1.1.1
#network 100.100.100.100 255.255.255.0 area 0 (Advertising 100.100.100.100/24)

We also have a other way of doing this as:

#interface gi1 (Pre configured)
#ip address 100.100.100.100 255.255.255.0 (Pre configured)
#security level 100 (Pre configured)
#nameif Inside (Pre configured)
#no shut (Pre configured)
#ip ospf 1 area 0 (Stating interface gi1 to be advertised by OSPF)

Verification which interface is been advertised by the ASA by OSPF

#show ospf interface

#show run | grep ospf

WE CAN ALSO AUTHENTICATE OUR LSA

#conf t (Configuration mode)
#int gi 1 (interface to configure)
#ospf authentication message-digest (Asking OSPF LSA to be authenticated by message-digest)
#ospf message-digest-key 1 md5 CcieSec@123 (Stating key to be used in message-digest)

WE CAN ALSO DEFINE WHO WILL BE OUR DR OR BDR BY DEFINING PRIORITY

#conf t (Configuration mode)
#int gi 1 (interface to configure)
#ospf priority 100 (Stating the priority on which DR or BDR is elected)


Posted by at No comments:

ASA BASIC INSTALLATION

Most of the basic installation on ASA are as same as our Router configs


Basic Interface configurations includes:
1. IP Addess
2. Security level
3. Naming interface
4. Waking Up the interface

IN THE BELOW EXAMPLE WE WILL CONFIGURE A SUB-INTERFACE

Interface Gi 1.1
Vlan 10
Ip address 100.100.100.100 /24
Security level 100

#configure terminal (Specifying the config mode)
#int gi 1.1 (Dividing the interface for vlan 10 only)
#vlan 10 (Assigning vlan 10 to above interface)
#ip address 100.100.100.100 255.255.255.0 (ip address)
#security-level 100 (Assigning the security level)
#nameif Inside (Naming the Interface)
#no shut (Waking up the interface)
#exit
#wr (Write)

We can also say

#wr mem (Write memory)
Posted by at No comments:

COMING BACK TO BASIC

There were lost of up's and down in mind and finally the mind has settled to work again thanks for hanging onn. And hope i will help more by my posts.

Posted by at No comments:
Subscribe to: Posts (Atom)