As introduced in Chapter 6, "IP Routing," Cisco ASA supports RIP and OSPF. The following sections cover routing protocol configuration using ASDM.
To set up the RIP routing protocol, navigate to Configuration > Features > Routing > Routing > RIP. In Figure 19-11, SecureMe wants to configure the inside interface of Cisco ASA for RIP Version 2 with MD5 authentication. The authentication key is cisco123 and the key ID is 123. Cisco ASA will only inject a default route to the RIP-enabled devices toward the inside interface.
Figure 19-11. Setting Up RIP as the Routing Protocol
Example 19-4 shows the RIP configuration generated by ASDM.
Example 19-4. RIP Configuration Generated by ASDM
rip inside default version 2 authentication MD5 cisco123 123
rip inside passive version 2 authentication MD5 cisco123 123
SecureMe is now planning to deploy OSPF in its inside network for dynamic routing. To set up OSPF, navigate to Configuration > Features > Routing > Routing > OSPF > Setup and click the Process Instances tab. You can enable OSPF globally and specify the OSPF process ID. Before you can set up OSPF, you need to disable RIP on Cisco ASA, because you cannot enable both routing protocols simultaneously. After you set up the process ID, click the Area/Networks tab to specify the OSPF area ID, as shown in Figure 19-12, in which the OSPF Process is set to 100 and the OSPF Area ID is 0. Because SecureMe wants to run OSPF on the inside interface, which has an IP address of 220.127.116.11, SecureMe's administrator has specified the IP address with a host mask of 255.255.255.255 in Figure 19-12.
Figure 19-12. Setting Up OSPF as the Routing Protocol
Example 19-5 shows the basic OSPF configuration that is generated by ASDM.
Example 19-5. OSPF Configuration Generated by ASDM
router ospf 100
 log-adj-changes
 area 0
 network 18.104.22.168 255.255.255.255 area 0
You can configure either RIP or OSPF as the routing protocol on Cisco ASA.
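The following check is an added example, not part of the book or of ASDM: it audits saved configuration text, in the line syntax of Examples 19-4 and 19-5, for RIP interfaces that are not Version 2 with MD5 authentication, for key or key ID disagreement between the default and passive lines, and for RIP and OSPF being present together. The function name, finding codes, and the BAD sample are hypothetical, and treating a missing version keyword as "not Version 2" is an assumption.

```python
import re

# Line syntax as it appears in Examples 19-4 and 19-5 (ASDM-generated output).
RIP_RE = re.compile(
    r"^rip\s+(?P<ifc>\S+)\s+(?P<mode>default|passive)"
    r"(?:\s+version\s+(?P<ver>\d))?"
    r"(?:\s+authentication\s+(?P<auth>\S+)\s+(?P<key>\S+)\s+(?P<kid>\d+))?\s*$",
    re.IGNORECASE)
OSPF_RE = re.compile(r"^router\s+ospf\s+(?P<pid>\d+)\s*$", re.IGNORECASE)


def audit_routing(config):
    """Return a sorted list of (finding_code, detail) for a config string."""
    findings, rip_keys, ospf_pids, rip_seen = set(), {}, [], False
    for raw in config.splitlines():
        line = raw.strip()
        m = OSPF_RE.match(line)
        if m:
            ospf_pids.append(m["pid"])
            continue
        m = RIP_RE.match(line)
        if not m:
            continue
        rip_seen, ifc = True, m["ifc"]
        if m["ver"] != "2":  # assumption: no version keyword means not v2
            findings.add(("RIP_NOT_V2", ifc))
        if (m["auth"] or "").upper() != "MD5":
            findings.add(("RIP_NO_MD5_AUTH", ifc))
        else:
            rip_keys.setdefault(ifc, set()).add((m["key"], m["kid"]))
    for ifc, keys in rip_keys.items():
        if len(keys) > 1:  # default/passive lines disagree on key or key ID
            findings.add(("RIP_KEY_MISMATCH", ifc))
    if rip_seen and ospf_pids:  # the text says both cannot be enabled at once
        findings.add(("RIP_AND_OSPF", "ospf " + ",".join(ospf_pids)))
    return sorted(findings)


# Constructed samples: GOOD mirrors Example 19-4; BAD is a made-up drifted config.
GOOD = """rip inside default version 2 authentication MD5 cisco123 123
rip inside passive version 2 authentication MD5 cisco123 123"""
BAD = """rip inside default version 2 authentication MD5 cisco123 123
rip inside passive version 1
router ospf 100
 network 18.104.22.168 255.255.255.255 area 0"""

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_routing(cfg))
```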
As discussed in Chapter 6, Cisco ASA supports multicast routing and uses PIM Sparse mode for dynamic routing. You can enable multicast routing by navigating to Configuration > Features > Routing > Multicast and clicking Enable Multicast Routing, as shown in Figure 19-13.
Figure 19-13. Enabling Multicast Routing
As the administrator, you can set up PIM Sparse mode by specifying a Rendezvous Point under Configuration > Features > Routing > Multicast > PIM > Rendezvous Points, as shown in Figure 19-14.
Figure 19-14. Specifying a Rendezvous Point
In Figure 19-14, SecureMe is using a Cisco IOS router at 192.168.10.2 as the Rendezvous Point and ASDM is being set up to use this address for all the multicast addresses. Example 19-6 shows the multicast configuration generated by ASDM.
Example 19-6. Multicast Configuration Generated by ASDM
multicast-routing
pim old-register-checksum
pim rp-address 192.168.10.2 bidir