GeekOut: Basic ASA - EIGRP

ccie-sec May 2nd, 2009

When configuring EIGRP on the firewall, remember to omit the word ip from the commands.

Prerequisites:

-Refer to my Basic ASA - VLANs and IP Addresses posting

Mini-lab Requirement:

Your ASA needs to be aware of the DMZ network behind R2.  Make sure R2 is the only device that can securely send or receive routing updates with the firewall.

Here’s the video:

bbb-basic-asa-eigrp

Notes:

-EIGRP is not supported in multi-context mode.

-When configuring the network command on a PIX or ASA, you will need to specify the subnet mask, not the wildcard mask.

-Unlike with OSPF, the passive-interface command is supported for EIGRP on the firewall.
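
The notes above, shown side by side for R2 and the ASA. This is an added example, not the configuration from the original post or video. The AS number, interface names, subnets, key chain name and key placeholder are all assumptions.

```cisco
! Added example. AS 100, the interface names, the 10.2.2.0/24 (ASA-R2 link),
! 10.1.1.0/24 (inside) and 192.168.2.0/24 (DMZ behind R2) subnets, the key
! chain name and <shared-key> are constructed placeholders.

! ---- R2 (IOS router): commands carry "ip", network uses a wildcard ----
key chain EIGRP-KEYS
 key 1
  key-string <shared-key>
!
interface FastEthernet0/0
 ! link toward the ASA
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP-KEYS
!
router eigrp 100
 network 10.2.2.0 0.0.0.255
 network 192.168.2.0 0.0.0.255
 no auto-summary
!
! verify on R2: show ip eigrp neighbors

! ---- ASA: same intent, no "ip", network uses a subnet mask ----
interface Ethernet0/2
 ! interface facing R2; key-id must match the key number on R2 (key 1)
 authentication key eigrp 100 <shared-key> key-id 1
 authentication mode eigrp 100 md5
!
router eigrp 100
 network 10.2.2.0 255.255.255.0
 network 10.1.1.0 255.255.255.0
 ! advertise the inside subnet but do not form neighbors on it
 passive-interface inside
 no auto-summary
!
! verify on the ASA: show eigrp neighbors
!                    show route
```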

GeekOut: Basic ASA - OSPF

ccie-sec April 17th, 2009

This is very similar to the last lab that I posted.  When configuring OSPF on the firewall, remember to omit the word ip from the commands.

Prerequisites:

-Refer to my Basic ASA - VLANs and IP Addresses posting

Mini-lab Requirement:

Your ASA needs to be aware of the DMZ network behind R2.  Make sure R2 is the only device that can securely send or receive routing updates with the firewall.

Here’s the video:

bbb-basic-asa-ospf

Notes:

-OSPF is not supported in multi-context mode.

-When configuring the network command on a PIX or ASA, you will need to specify the subnet mask, not the wildcard mask.

-The passive-interface command is unsupported on the firewall.  You will need to depend on the neighboring router to control sending/receiving of updates.

-If you would like to verify that you didn’t fat-finger the password on the ASA, you can use the more system:running-config | i md5 command to see what you typed.

GeekOut: Basic ASA - RIP

ccie-sec April 9th, 2009

Those of you who are familiar with configuring RIP on the routers should have an easier time running through this lab.  When configuring RIP on the firewall, remember to omit the word ip from the commands.

Prerequisites:

-Refer to my Basic ASA - VLANs and IP Addresses posting

Mini-lab Requirement:

Your ASA needs to be aware of the inside network behind R1.  Make sure R1 is the only device that can securely send or receive routing updates with the firewall.

Here’s the video:

bbb-basic-asa-rip

Notes:

-Originally, I had attempted to configure this lab using 7200s running on 12.3, but ran into a strange issue where the ASA was unable to securely send/receive routing updates from R1.  How did I determine things weren’t working?  I didn’t receive the route on the firewall because the log kept stating an invalid authentication.  After toying around with capturing debugs and rebuilding interfaces, I decided to rebuild the lab using 3725s on 12.4.
