Giving the ASA the information it needs to take a decision on incoming packets. Train ASA how to reach L3 network.
To check routes on ASA
show route
On IOS router this command is show ip route
On ASDM :
Config -> Device Setup -> Routing -> Add
CLI :
static route
route outside 0.0.0.0 0.0.0.0 192.168.1.1 3
3 is “Distance metric” here
Static route for inside interface to reach 10.0.1.0 network
route inside 10.0.1.0 255.255.255.0 10.0.0.11 2
show route
ping 10.0.0.1
If we have 100’s of a network, we don’t want to add them manually. In that case, we will be using dynamic routing protocols.
Supported Routing Protocols
RIP v1 v2
OSPF
EIGRP
Let's configure ospf
router ospf 1
area 1
network 172.16.0.0 255.255.255.0 area 1
network 192.168.1.0 255.255.255.0 area 1
network 10.0.0.0 255.255.255.0 area 1
show ospf neighbour
show route
to remove ospf :
no router ospf 1
RIP Config:
router rip
no auto-summary
version 2
network 10.0.0.0
network 172.16.0.0
network 192.168.1.0
show route
To remove RIP
no router rip
EIGRP Config:
router eigrp 1
network 172.16.0.0 255.255.255.0
network 192.168.1.0 255.255.255.0
network 10.0.0.0 255.255.255.0
Note : network 0.0.0.0 0.0.0.0 : This means everything in eigrp
show route
Multicast :
CLI to enable multicast routing capabilities
multicast-routing
Now we can use protocol PIM (protocol independent multicast).
It supports
1. STUB multicast routing also is known as SMR. This is used on edge of multicast network.
2. PIM SPARSE mode: it will not forward traffic until it has good reason to do so. Only forward traffic to multicast group or client whoever request that.
It also supports PIM on bidirectional functionality
ASA doesn’t support Dense mode.
No comments:
Post a Comment