Hi Kevin and Marta, Excellent, thanks for the tip. I will write it down on my notes. The only thing in regards to Kevin is that the range may only work for ABRs.
range Summarize routes matching address/mask (border routers only) Thanks a bunch, I will write this down. Mike Rojas Date: Mon, 18 Mar 2013 17:16:27 -0400 From: [email protected] To: [email protected]; [email protected] CC: [email protected] Subject: Re: [OSL | CCIE_Security] FW: ASA OSPF Task 3 lab 2 The easiest solution is to use the OSPF "Range" command with the "no-advertise" option on the ASA. router ospf 1 area 0 range 2.2.2.2 255.255.255.255 not-advertise Marta has it right with the other solution only that the loopback interface that you're preventing would need to be a specific OSPF network type for the filter list to work. If you cannot adjust the routers' config to accomplish this.. then the range command on the ASA is your only and best option.From: Marta Sokolowska <[email protected]> Date: Monday, March 18, 2013 4:42 PM To: Mike Rojas <[email protected]> Cc: "[email protected]" <[email protected]> Subject: Re: [OSL | CCIE_Security] FW: ASA OSPF Task 3 lab 2 Mike, try using prefix-list filtering on ASA instead of dividing OSPF into two different processes. If you want to block prefix 2.2.2.2/32 from being advertised into another area, first configure prefix-list denying prefix 2.2.2.2/32 and allowing other prefixes: prefix-list OSPF seq 5 deny 2.2.2.2/32prefix-list OSPF seq 10 permit 0.0.0.0/0 le 32 Then apply it to OSPF configuration on ASA: router ospf 1 router-id 11.45.45.11 network 10.0.10.0 255.255.255.0 area 1 network 192.168.10.0 255.255.255.0 area 0 area 1 filter-list prefix OSPF out Marta Sokolowska. 2013/3/18 Mike Rojas <[email protected]> From: [email protected] To: [email protected] Subject: ASA OSPF Task 3 lab 2 Date: Sat, 16 Mar 2013 17:56:07 -0600 From: [email protected] To: [email protected] Subject: OSPF on ASA (Task 3 Lab 2) Date: Sat, 16 Mar 2013 15:26:25 -0600 Hi, I've been testing the sample Workbook that was released for ASA and since my GNS3 nor computer are that powerful, I've been breaking down the points and test them out before racking them up on Proctor labs. That being said, I am testing features so the question that I have may not reflect the same IP scheme nor the exact lab. Here is the question. Let's say we have 2 different Areas hooked up to the ASA firewall, On the outside I have network 10.0.10.0/24 (Area 1), there is only one router and It has a loopback with IP address 2.2.2.2 being advertised in the OSPF Process. On the inside, I have Area 0 with a similar configuration but with network 192.168.10.0/24 and loopback 4.4.4.4. The question says that I need to block a Loopback 2.2.2.2 for being advertised to Area 0. Keypoint there is that I cannot touch the routers. So, what I did was to divide 2 different process, 1 and 2, then created a Route-map with an standard ACL that was denying 2.2.2.2 and allowing 10.0.10.0/24. That worked, However, the task clearly specified that I needed to have Router ID 11.45.45.11, I did try to configure the same router-ID on the other process, but I got the following: ERROR: router-id 11.45.45.11 in use by ospf process 1. So I am checking if there is another way to solve this task or If I am doing it incorrectly. Hope it makes sense... Cheers, Mike. _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com -- -- Marta SokoĊowska. _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
