The easiest solution is to use the OSPF "Range" command with the
"no-advertise" option on the ASA.

router ospf 1
 area 0 range 2.2.2.2 255.255.255.255 not-advertise

Marta has it right with the other solution, only that the loopback interface
that you're preventing would need to be a specific OSPF network type for the
filter list to work. If you cannot adjust the routers' config to accomplish
this, then the range command on the ASA is your only and best option.

From: Marta Sokolowska
Date: Monday, March 18, 2013 4:42 PM
To: Mike Rojas
Subject: Re: [OSL | CCIE_Security] FW: ASA OSPF Task 3 lab 2

Mike,

try using prefix-list filtering on ASA instead of dividing OSPF into two
different processes. If you want to block prefix 2.2.2.2/32 from being
advertised into another area, first configure prefix-list denying prefix
2.2.2.2/32 and allowing other prefixes:

prefix-list OSPF seq 5 deny 2.2.2.2/32
prefix-list OSPF seq 10 permit 0.0.0.0/0 le 32

Then apply it to OSPF configuration on ASA:

router ospf 1
 router-id 11.45.45.11
 network 10.0.10.0 255.255.255.0 area 1
 network 192.168.10.0 255.255.255.0 area 0
 area 1 filter-list prefix OSPF out

Marta Sokolowska.



2013/3/18 Mike Rojas
> 
> Subject: ASA OSPF Task 3 lab 2
> Date: Sat, 16 Mar 2013 17:56:07 -0600
> 
> Subject: OSPF on ASA (Task 3 Lab 2)
> Date: Sat, 16 Mar 2013 15:26:25 -0600
> 
> Hi, 
> 
> I've been testing the sample Workbook that was released for ASA and since
> neither my GNS3 nor my computer is that powerful, I've been breaking down the
> points and testing them out before racking them up on Proctor labs. That being
> said, I am testing features so the question that I have may not reflect the
> same IP scheme nor the exact lab.
> 
> Here is the question.
> 
> Let's say we have 2 different areas hooked up to the ASA firewall. On the
> outside I have network 10.0.10.0/24 (Area 1); there is only one router and it
> has a loopback with IP address 2.2.2.2 being advertised in the OSPF process.
> 
> On the inside, I have Area 0 with a similar configuration but with network
> 192.168.10.0/24 and loopback 4.4.4.4. The question says that I need to block
> loopback 2.2.2.2 from being advertised to Area 0. The key point there is that
> I cannot touch the routers.
> 
> So, what I did was to divide it into 2 different processes, 1 and 2, then
> created a route-map with a standard ACL that was denying 2.2.2.2 and allowing
> 10.0.10.0/24.
> 
> That worked. However, the task clearly specified that I needed to have router
> ID 11.45.45.11. I did try to configure the same router-ID on the other
> process, but I got the following:
> 
> ERROR: router-id 11.45.45.11 in use by ospf process 1.
> 
> So I am checking if there is another way to solve this task or if I am doing
> it incorrectly.
> 
> Hope it makes sense...
> 
> Cheers,
> 
> Mike.
> 
> 
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com <http://www.ipexpert.com>
> 
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com <http://www.PlatinumPlacement.com>



--

Marta Sokołowska.
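
Added example, not part of the original thread: a Python model of how the prefix-list from the quoted reply is evaluated when applied with "area 1 filter-list prefix OSPF out" (first match by sequence number, exact prefix length unless ge/le is given, implicit deny at the end). The function names and the 2.2.2.0/24 test prefix are assumptions made for illustration.

```python
import ipaddress
import re

# The two prefix-list lines from the thread, with the auto-link residue removed.
CONFIG = """\
prefix-list OSPF seq 5 deny 2.2.2.2/32
prefix-list OSPF seq 10 permit 0.0.0.0/0 le 32
"""

LINE = re.compile(
    r"prefix-list (\S+) seq (\d+) (permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?\s*$"
)

def parse(config, name):
    """Return the named list's entries sorted by sequence number."""
    entries = []
    for line in config.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(1) == name:
            net = ipaddress.ip_network(m.group(4), strict=False)
            ge, le = m.group(5), m.group(6)
            # Without ge/le the entry matches only its exact prefix length.
            lo = int(ge) if ge else net.prefixlen
            hi = int(le) if le else (32 if ge else net.prefixlen)
            entries.append((int(m.group(2)), m.group(3), net, lo, hi))
    return sorted(entries)

def evaluate(entries, prefix):
    """First matching entry wins; no match means the implicit deny."""
    route = ipaddress.ip_network(prefix)
    for seq, action, net, lo, hi in entries:
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action, seq
    return "deny", None

def filtered_summaries(prefixes, config=CONFIG, name="OSPF"):
    """Map each candidate area 1 prefix to (action, matching seq)."""
    entries = parse(config, name)
    return {p: evaluate(entries, p) for p in prefixes}

if __name__ == "__main__":
    # 2.2.2.2/32 and 10.0.10.0/24 come from the thread; 2.2.2.0/24 is constructed.
    for p, r in filtered_summaries(["2.2.2.2/32", "10.0.10.0/24", "2.2.2.0/24"]).items():
        print(p, r)
```

The constructed 2.2.2.0/24 case is permitted by seq 10 because the seq 5 deny entry matches only a /32, so the filter depends on the exact prefix length the router advertises.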