Till yesterday I started to stay and try things out and continue with the labs. It work, I just dont understand why you have to put the "le 32".
It work anyways :). I am sure there was another questions with the next task, I will try it out, if not I will ask you guys again :). Mike. Date: Mon, 18 Mar 2013 21:42:49 +0100 Subject: Re: [OSL | CCIE_Security] FW: ASA OSPF Task 3 lab 2 From: [email protected] To: [email protected] CC: [email protected] Mike, try using prefix-list filtering on ASA instead of dividing OSPF into two different processes. If you want to block prefix 2.2.2.2/32 from being advertised into another area, first configure prefix-list denying prefix 2.2.2.2/32 and allowing other prefixes: prefix-list OSPF seq 5 deny 2.2.2.2/32prefix-list OSPF seq 10 permit 0.0.0.0/0 le 32 Then apply it to OSPF configuration on ASA: router ospf 1 router-id 11.45.45.11 network 10.0.10.0 255.255.255.0 area 1 network 192.168.10.0 255.255.255.0 area 0 area 1 filter-list prefix OSPF out Marta Sokolowska. 2013/3/18 Mike Rojas <[email protected]> From: [email protected] To: [email protected] Subject: ASA OSPF Task 3 lab 2 Date: Sat, 16 Mar 2013 17:56:07 -0600 From: [email protected] To: [email protected] Subject: OSPF on ASA (Task 3 Lab 2) Date: Sat, 16 Mar 2013 15:26:25 -0600 Hi, I've been testing the sample Workbook that was released for ASA and since my GNS3 nor computer are that powerful, I've been breaking down the points and test them out before racking them up on Proctor labs. That being said, I am testing features so the question that I have may not reflect the same IP scheme nor the exact lab. Here is the question. Let's say we have 2 different Areas hooked up to the ASA firewall, On the outside I have network 10.0.10.0/24 (Area 1), there is only one router and It has a loopback with IP address 2.2.2.2 being advertised in the OSPF Process. On the inside, I have Area 0 with a similar configuration but with network 192.168.10.0/24 and loopback 4.4.4.4. The question says that I need to block a Loopback 2.2.2.2 for being advertised to Area 0. Keypoint there is that I cannot touch the routers. So, what I did was to divide 2 different process, 1 and 2, then created a Route-map with an standard ACL that was denying 2.2.2.2 and allowing 10.0.10.0/24. That worked, However, the task clearly specified that I needed to have Router ID 11.45.45.11, I did try to configure the same router-ID on the other process, but I got the following: ERROR: router-id 11.45.45.11 in use by ospf process 1. So I am checking if there is another way to solve this task or If I am doing it incorrectly. Hope it makes sense... Cheers, Mike. _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com -- -- Marta SokoĊowska.
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
