Hello and welcome to the tutorial on building up the Cisco ASA step by step.
In this tutorial we will learn how to configure dynamic routing protocol (RIPv2) along with route filtering and neighbor authentication on the Cisco ASA.
Basic Routing Information
Static routing was always an painful
& manual work to do.
Every time the topology changed, we
need to go and add the routes manually every where so that the traffic can be forwarded to the next hop.
& manual work to do.
Every time the topology changed, we
need to go and add the routes manually every where so that the traffic can be forwarded to the next hop.
To automate the process we use dynamic routing protocols like :
RIP
OSPF
EIGRP
RIP
OSPF
EIGRP
Each of them Static or Dynamic have their own use case and important on the required point.
Routing Information Protocol (RIP) V2
RIP is a distance-vector routing protocol.
It uses hop count as the metric for path selection.
RIP V2 uses 224.0.0.9 as an multicast IP addresses and has a AD value of 120.
The ASA supports both RIP Version 1 and RIP Version 2.
As compared to RIP Version 1 Version 2 now sends the subnet mask with the routing update and also supports variable-length subnet masks.
RIP Version 2 now also supports neighbor authentication when routing updates are exchanged.
This authentication ensures that the ASA receives reliable routing information from a trusted source.
Requirement:
We have to configure RIPV2 on ASA such as :All the internal LAN IP addresses on Internal network, on DMZ network and on DMZ 2 network can be found in routing map of ASA.
Commands:
ASA# configure terminalASA(config)# router rip
ASA(config-router)# version 2
ASA(config-router)# no auto-summary
ASA(config-router)# network 192.168.1.0
ASA(config-router)# network 192.168.2.0
ASA(config-router)# network 192.168.3.0
Route Filtering:
Configure route filtering such as DMZ router will not be given any RIP updates:
Commands:
ASA(config)# router ripASA(config-router)# passive-interface DMZ
Neighbor Authentication:
Configure route Authentication such as no routing will be exchanged until both ASA and DMZ Router Authenticate each other.
Commands:
ASA# configure terminalASA(config)# int gigabitEthernet 1
ASA(config-if)# rip authentication mode md5
ASA(config-if)# rip authentication key OnionS key_id 1
No comments:
Post a Comment