Routing Protocols

As introduced in Chapter 6, "IP Routing", Cisco ASA supports RIP and OSPF. The following sections cover routing protocol configuration using ASDM.

RIP

To set up the RIP routing protocol, navigate to Configuration > Features > Routing > Routing > RIP. In Figure 19-11, SecureMe wants to configure the inside interface of Cisco ASA for RIP Version 2 with MD5 authentication. The authentication key is cisco123 and the key ID is 123. Cisco ASA will only inject a default route to the RIP-enabled devices toward the inside interface.

Figure 19-11. Setting Up RIP as the Routing Protocol

Example 19-4 shows the RIP configuration generated by ASDM.

Example 19-4. RIP Configuration Generated by ASDM

rip inside default version 2 authentication MD5 cisco123 123
rip inside passive version 2 authentication MD5 cisco123 123

 

OSPF

SecureMe is now planning to deploy OSPF in its inside network for dynamic routing. To set up OSPF, navigate to Configuration > Features > Routing > Routing > OSPF > Setup and click the Process Instances tab. You can enable OSPF globally and specify the OSPF process ID. Before you can set up OSPF, you need to disable RIP on Cisco ASA, because you cannot enable both routing protocols simultaneously. After you set up the process ID, click the Area/Networks tab to specify the OSPF area ID, as shown in Figure 19-12, in which the OSPF Process is set to 100 and the OSPF Area ID is 0. Because SecureMe wants to run OSPF on the inside interface, which has an IP address of 209.165.202.130, SecureMe's administrator has specified the IP address with a host mask of 255.255.255.255 in Figure 19-12.

Figure 19-12. Setting Up OSPF as the Routing Protocol

Example 19-5 shows the basic OSPF configuration that is generated by ASDM.

Example 19-5. OSPF Configuration Generated by ASDM

router ospf 100
 log-adj-changes
 area 0
 network 209.165.202.130 255.255.255.255 area 0

Note

You can configure either RIP or OSPF as the routing protocol on Cisco ASA.
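An offline check of a saved configuration for the two points made above, RIP authentication on each interface and RIP and OSPF not being enabled together, written as an added example in Python (it is not from the book or from ASDM). The rip line grammar follows Example 19-4; the "text" authentication keyword, the "dmz" interface name, and the finding names are assumptions made for the illustration.

```python
import re

# Line grammar follows Example 19-4 on this page; the "text" (clear-text)
# keyword is an assumption about the same command, not shown on the page.
RIP_RE = re.compile(
    r"^rip\s+(?P<ifc>\S+)\s+(?P<mode>default|passive)"
    r"(?:\s+version\s+(?P<ver>[12])"
    r"(?:\s+authentication\s+(?P<auth>md5|text)\s+(?P<key>\S+)\s+(?P<kid>\d+))?)?\s*$",
    re.IGNORECASE)
OSPF_RE = re.compile(r"^router\s+ospf\s+(?P<pid>\d+)\s*$", re.IGNORECASE)

def audit_routing(config):
    """Return sorted (finding_code, subject) tuples for a config text."""
    findings, keys, ospf = set(), {}, []
    for line in (l.strip() for l in config.splitlines()):
        m = OSPF_RE.match(line)
        if m:
            ospf.append(m["pid"])
            continue
        m = RIP_RE.match(line)
        if not m:
            continue
        ifc, auth = m["ifc"], (m["auth"] or "").lower()
        if not auth:
            findings.add(("rip-unauthenticated", ifc))  # v1, or v2 without a key
        elif auth == "text":
            findings.add(("rip-cleartext-key", ifc))    # password travels in the update
        # Example 19-4 uses one key and key ID on both lines of an interface;
        # record what each line uses so differences can be flagged below.
        keys.setdefault(ifc, set()).add((auth, m["key"], m["kid"]))
    for ifc, seen in keys.items():
        if len(seen) > 1:
            findings.add(("rip-auth-mismatch", ifc))
    if keys and ospf:
        # The page states RIP and OSPF cannot be enabled at the same time.
        findings.add(("rip-and-ospf-both-present", "ospf " + ospf[0]))
    return sorted(findings)

# Constructed samples: GOOD is Example 19-4; BAD mixes the problems above
# ("dmz" is a made-up interface name).
GOOD = """rip inside default version 2 authentication MD5 cisco123 123
rip inside passive version 2 authentication MD5 cisco123 123"""
BAD = """rip inside default version 2 authentication MD5 cisco123 123
rip inside passive version 2 authentication text cisco123 123
rip dmz passive version 1
router ospf 100
 network 209.165.202.130 255.255.255.255 area 0"""

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_routing(cfg))
```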

 

Multicast

As discussed in Chapter 6, Cisco ASA supports multicast routing and uses PIM Sparse mode for dynamic routing. You can enable multicast routing by navigating to Configuration > Features > Routing > Multicast and clicking Enable Multicast Routing, as shown in Figure 19-13.

Figure 19-13. Enabling Multicast Routing

As the administrator, you can set up PIM Sparse mode by specifying a Rendezvous Point under Configuration > Features > Routing > Multicast > PIM > Rendezvous Points, as shown in Figure 19-14.

Figure 19-14. Specifying a Rendezvous Point

In Figure 19-14, SecureMe is using a Cisco IOS router at 192.168.10.2 as the Rendezvous Point and ASDM is being set up to use this address for all the multicast addresses. Example 19-6 shows the multicast configuration generated by ASDM.

Example 19-6. Multicast Configuration Generated by ASDM

multicast-routing
pim old-register-checksum
pim rp-address 192.168.10.2 bidir


Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
ISBN: 1587052091
EAN: 2147483647
Year: 2006
Pages: 231