Thursday, 21 December 2017

Dynamic Routing on ASA #RIP V2

Hello and welcome to the tutorial on building up the Cisco ASA step by step.



In this tutorial we will learn how to configure a dynamic routing protocol (RIPv2), along with route filtering and neighbor authentication, on the Cisco ASA.


Basic Routing Information







Static routing has always been painful, manual work.
Every time the topology changes, we need to add the routes manually everywhere so that traffic can be forwarded to the next hop.

To automate the process we use dynamic routing protocols such as:
RIP
OSPF
EIGRP


Static and dynamic routing each have their own use cases and their own importance, depending on the requirement.

Routing Information Protocol (RIP) V2


RIP is a distance-vector routing protocol.
It uses hop count as the metric for path selection.
RIP V2 uses 224.0.0.9 as its multicast IP address and has an AD value of 120.

The ASA supports both RIP Version 1 and RIP Version 2.

Compared to RIP Version 1, Version 2 sends the subnet mask with the routing update and also supports variable-length subnet masks.

RIP Version 2 also supports neighbor authentication when routing updates are exchanged.
This authentication ensures that the ASA receives reliable routing information from a trusted source.



Requirement:

We have to configure RIPv2 on the ASA so that all the internal LAN IP addresses on the Internal network, the DMZ network and the DMZ 2 network can be found in the routing table of the ASA.




Commands:

ASA# configure terminal
ASA(config)# router rip
ASA(config-router)# version 2
ASA(config-router)# no auto-summary
ASA(config-router)# network 192.168.1.0
ASA(config-router)# network 192.168.2.0
ASA(config-router)# network 192.168.3.0



Route Filtering:

Configure route filtering so that the DMZ router is not given any RIP updates:




Commands:

ASA(config)# router rip
ASA(config-router)# passive-interface DMZ





Neighbor Authentication:
Configure route authentication so that no routes are exchanged until the ASA and the DMZ router authenticate each other.


Commands:

ASA# configure terminal
ASA(config)# int gigabitEthernet 1
ASA(config-if)# rip authentication mode md5
ASA(config-if)# rip authentication key OnionS key_id 1
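
What MD5 neighbor authentication adds to each routing update, shown as an added example (not part of the original post and not Cisco's code): a receiver-side check that recomputes the keyed digest and compares it with the one carried in the packet. It assumes the keyed-MD5 packet layout described in RFC 2082; the helper names build_update and verify_update are hypothetical, and the sample packet is constructed from the page's network, key and key ID.

```python
import hashlib, hmac, struct

AUTH_FAMILY = 0xFFFF   # address family value that marks an authentication entry
KEYED_MD5 = 3          # authentication type: keyed message digest
TRAILER = 1            # sub-type of the trailing digest entry

def _digest(body: bytes, key: bytes) -> bytes:
    # MD5 over the RIP packet, the 4-byte trailer header and the zero-padded key
    padded = key.ljust(16, b"\0")[:16]
    return hashlib.md5(body + struct.pack("!HH", AUTH_FAMILY, TRAILER) + padded).digest()

def _ip(text: str) -> bytes:
    return bytes(int(octet) for octet in text.split("."))

def build_update(routes, key: bytes, key_id: int, seq: int) -> bytes:
    """Build a constructed RIPv2 response with a keyed-MD5 trailer (sample data only)."""
    entries = b"".join(struct.pack("!HH4s4s4sI", 2, 0, _ip(net), _ip(mask), bytes(4), metric)
                       for net, mask, metric in routes)
    pkt_len = 4 + 20 + len(entries)                 # header + auth entry + routes
    body = (struct.pack("!BBH", 2, 2, 0)            # command=response, version=2
            + struct.pack("!HHHBBIII", AUTH_FAMILY, KEYED_MD5, pkt_len, key_id, 16, seq, 0, 0)
            + entries)
    return body + struct.pack("!HH", AUTH_FAMILY, TRAILER) + _digest(body, key)

def verify_update(packet: bytes, keys: dict) -> bool:
    """True only if the digest matches the locally configured key for the packet's key ID."""
    if len(packet) < 44 or packet[1] != 2:
        return False                                # too short or not RIP version 2
    family, auth_type, pkt_len, key_id = struct.unpack("!HHHB", packet[4:11])
    if family != AUTH_FAMILY or auth_type != KEYED_MD5:
        return False                                # unauthenticated or plain-text mode
    if key_id not in keys or pkt_len < 24 or len(packet) < pkt_len + 20:
        return False                                # unknown key ID or truncated trailer
    if struct.unpack("!HH", packet[pkt_len:pkt_len + 4]) != (AUTH_FAMILY, TRAILER):
        return False
    received = packet[pkt_len + 4:pkt_len + 20]
    return hmac.compare_digest(received, _digest(packet[:pkt_len], keys[key_id]))

if __name__ == "__main__":
    # Constructed sample: one of the page's networks, with the page's key and key ID
    pkt = build_update([("192.168.1.0", "255.255.255.0", 1)], b"OnionS", 1, seq=1)
    print("correct key:", verify_update(pkt, {1: b"OnionS"}))
    print("wrong key:  ", verify_update(pkt, {1: b"onions"}))
```

The key itself never appears in the packet, but the route entries are still sent in the clear: the digest protects the update against forgery and modification, not against being read.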



