Eugene,
It may be a bug in the ASA code. I ran into the same issue in my test lab and I seem to recall this being a known bug. I am running version 8.0(4)32 on an old PIX.

Thanks,

Matt Manire
CCSP, CCNP, CCDP, MCSE 2003 & MCSE 2000
Information Systems Security Manager
[email protected]
t: 817.525.1863
f: 817.525.1903
m: 817.271.9165
First Rate | 1903 Ascension Boulevard | Arlington, TX 76006 | www.FirstRate.com <http://www.firstrate.com/>

From: [email protected] [mailto: [email protected]] On Behalf Of Eugene Pefti
Sent: Monday, June 18, 2012 10:13 PM
To: ccie security
Subject: [OSL | CCIE_Security] EIGRP distribute-list on ASA

Guys,

What’s wrong with my distribute-list that I’m trying to set up on the ASA to allow only routes 192.10.1.0/24 and 150.1.7.7 to send to R4?

The topology is as follows:

BB2---(192.10.1.0)--------SW1 ------------- (EIGRP)--------ASA--------(EIGRP)---------R4 (loopback-150.1.7.7)

I create an ACL on the ASA to include the above said networks to be included in EIGRP updates:

    access-list EIGRP-REDIST standard permit host 150.1.7.7
    access-list EIGRP-REDIST standard permit 192.10.1.0 255.255.255.0

and instruct it to send an update to R4 on its OUT interface

    router eigrp 100
     distribute-list EIGRP-REDIST out interface OUT
     network 163.1.124.0 255.255.255.0
     network 163.1.127.0 255.255.255.0

Then I verify routes on R4 and see that there’s a route to the 192.10.1.0/24 network but no route to 150.1.7.7.

Removing the distribute-list restores the route to SW1 loopback on R4.

Eugene
