Cisco ASA Supports Two OSPF Processes
March 6, 2008 by Greg Ferro · 6 Comments
Sometimes, thinking too much stops you from checking the basics. I have often wished that the Cisco ASA supported more than one routing process like the Juniper Netscreen does (which does this brilliantly). Why didn’t I look for this sooner ?-
The security appliance can run two processes of OSPF protocol simultaneously, on different sets of interfaces. You might want to run two processes if you have interfaces that use the same IP addresses (NAT allows these interfaces to coexist, but OSPF does not allow overlapping addresses). Or you might want to run one process on the inside, and another on the outside, and redistribute a subset of routes between the two processes. Similarly, you might need to segregate private addresses from public addresses.
You can redistribute routes into an OSPF routing process from another OSPF routing process, a RIP routing process, or from static and connected routes configured on OSPF-enabled interfaces.
This is a kewl feature and allows for some fancy routing capabilities.
router ospf 1 network 192.168.1.0 255.255.255.0 area 0 area 0 authentication message-digest log-adj-changes redistribute ospf 2 metric 100 subnets ! router ospf 2 network 192.168.2.0 255.255.255.0 area 0 area 0 authentication message-digest log-adj-changes redistribute ospf 1 metric 100 subnets
A related article Why Two Routing Processes as requested by Christian in the comments.
Please rate this post:
Why Rate Posts?
(1 votes, average: 9.00 out of 10)
Loading ...Probably Related Posts on the Same Topic
Why Use Two Routing Processes in a Firewall ?
In a recent post on Two OSPF Processes on an ASA firewall Christian asked why you would want to do this. Here is one case of a design that needs secure routing :
Read the full articleQuiz: Redistributing Static Routes in EIGRP. Which of These Is Better ?
I was working on some changes today with a co-worker and was faced with this interesting question. There are a number of ways to redistribute static routes in EIGRP, but one is definitely better than the other. Tell me why ?
Read the full articleBidirectional Forwarding Detection [Cisco IOS Software] — Cisco Systems
BFD is a most useful feature of IOS, and IMHO, a much unloved feature. I notice that latest releases of IOS now have BFD for static routing, but more importantly now supports HSRP
standby bfd
Example:
Router(config-if)# standby bfd
(Optional) Enables HSRP support for BFD on the interface
standby bfd all-interfacesExample:
Router(config)# standby bfd all-interfaces
(Optional) Enables HSRP support for BFD on all interfaces.
Bidirectional Forwarding Detection [Cisco IOS Software] — Cisco Systems: “”
Read the full articlePerformance of Blue Coat BCAAA Agent for Authentication
A common question in the Blue Coat forums is about the server specification for the BCAAA and how many users can be supported. While I am not sure sure about the performance that Blue Coat recommends I can tell you my experiences.
…
Read the full article
Multiple OSPF PID’s were available even on the PIX 6.3 code
i’ve always wondered how many people are actually using routing protocols on firewalls..
i was never really fond of the idea, dont know why, but then again im an SP guy, so firewalls are firewalls , and routers are for routing traffic
i’d definitely love to read of some scenarios/architectures where one would want to run ospf on an asa
c
Andrew — I have been working on PIX since V3 (i.e. directly after Cisco acquired the company) and somehow just wasn’t expecting it. Sometimes you get to a point where you stop reading the release notes.
Mental note to self — must spend more time looking at release notes
–sigh–
Christian — thanks for your post, I have some ideas for an article and I will make a post in the next few weeks.
Hello
Typical scenarii where OSPF can be useful: ASA on headend configured as an IPSEC termination, hub and spoke with ASA and ISR,…