Johan,
On the router you most likely have a space after the password. Your password is most likely "ipexpert ". There are no bugs with running rip between a router and the ASA with authentication. I am doing it right now on my rack without issues. As the ASA has the password with following strings it is most likely not the ASA that has the problem. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: [email protected] [mailto:[email protected]] On Behalf Of Johan Bornman Sent: Saturday, May 08, 2010 6:05 AM To: 'Piotr Matusiak' Cc: 'Kingsley Charles'; [email protected] Subject: Re: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP Authentication Yes, checked/reconfigured it a few times. From: Piotr Matusiak [mailto:[email protected]] Sent: 08 May 2010 10:49 AM To: Johan Bornman Cc: Kingsley Charles; [email protected] Subject: Re: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP Authentication Are you sure you have the same key on both sides? A common mistake is when ppl adding space after the key. Just a thought. 2010/5/8 Johan Bornman <[email protected]> Thanks, Kings. I am busy doing that. From: Kingsley Charles [mailto:[email protected]] Sent: 08 May 2010 10:08 AM To: Johan Bornman Cc: [email protected] Subject: Re: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP Authentication Not sure Johan what could the problem :-( You can paste the error message on google and see many reasons/suggestions for the issue. That's how I solve some issues, With regards Kings On Sat, May 8, 2010 at 1:35 PM, Johan Bornman <[email protected]> wrote: Kings, No change after shut and no shut. Johan From: Kingsley Charles [mailto:[email protected]] Sent: 08 May 2010 09:39 AM To: Johan Bornman Cc: [email protected] Subject: Re: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP Authentication Try this Johan. Apply the authentication, shut both the ASA and router's interface and then unshut after sometime. With regards Kings On Sat, May 8, 2010 at 1:03 PM, Johan Bornman <[email protected]> wrote: Kings, I reloaded already, no change. The EIGRP and OSPF authentication in later tasks works fine. The rip updates are good when authentication is removed. Johan From: Kingsley Charles [mailto:[email protected]] Sent: 08 May 2010 09:29 AM To: Johan Bornman Subject: Re: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP Authentication Johan, your config seems to fine. It just tries to see, if the hash matches and ignores when it doesn't match. May be you can try to reload ASA once :-) With regards Kings On Sat, May 8, 2010 at 12:54 PM, Johan Bornman <[email protected]> wrote: Kings, I re-entered the key but there is no change. Johan From: Johan Bornman [mailto:[email protected]] Sent: 08 May 2010 09:16 AM To: 'Kingsley Charles' Subject: RE: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP Authentication I have but will give it another try. From: Kingsley Charles [mailto:[email protected]] Sent: 08 May 2010 09:15 AM To: Johan Bornman Cc: [email protected] Subject: Re: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP Authentication Can you try re-entering the rip authentication key on the ASA with key "ipexpert" again. On Sat, May 8, 2010 at 12:34 PM, Johan Bornman <[email protected]> wrote: Yes From: Kingsley Charles [mailto:[email protected]] Sent: 08 May 2010 09:01 AM To: Johan Bornman Cc: [email protected] Subject: Re: [OSL | CCIE_Security] Lab 1a, Task 1.2 - RIP Authentication Did you enable version 2 on both the sides? On Sat, May 8, 2010 at 12:14 PM, Johan Bornman <[email protected]> wrote: Hi, My config as per the solutions guide, but I am having RIP authentication issues, according to the debugs. ASA Config interface Ethernet0/1 nameif Inside security-level 100 ip address 10.2.2.10 255.255.255.0 standby 10.2.2.11 rip authentication mode md5 rip authentication key <removed> key_id 1 (removed=ipexpert) Debug: RIP: sending v2 update to 224.0.0.9 via Inside (10.2.2.10) RIP: build update entries 0.0.0.0 0.0.0.0 via 0.0.0.0, metric 1, tag 0 10.7.7.0 255.255.255.0 via 0.0.0.0, metric 1, tag 0 10.8.8.0 255.255.255.0 via 0.0.0.0, metric 1, tag 0 RIP: Update contains 3 routes RIP: Update queued RIP: Update sent via Inside rip-len:112 RIP: ignored v2 packet from 10.2.2.5 (invalid authentication) R5 Config key chain RIP key 1 key-string ipexpert interface FastEthernet0/1.2 encapsulation dot1Q 2 ip address 10.2.2.5 255.255.255.0 ip rip authentication mode md5 ip rip authentication key-chain RIP Debug: R5# *May 8 06:40:14.311: RIP: received packet with MD5 authentication *May 8 06:40:14.311: RIP: ignored v2 packet from 10.2.2.10 (invalid authentication) R5# *May 8 06:40:15.675: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/1.2 (10.2.2.5) *May 8 06:40:15.675: RIP: build update entries *May 8 06:40:15.675: 10.1.1.0/24 via 0.0.0.0, metric 1, tag 0 _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com <http://www.ipexpert.com/> _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
