OSPF ABR Type 3 LSA Filtering

Discussion in 'Cisco' started by skeeterflea@gmail.com, May 29, 2007.

  1. Guest

    Hello all,


    I have a remote network which is configured to access my local network
    via IPSec VPN tunnel established between to ASA 5500 devices. I have
    OSPF configured on both ASA outside interfaces as static neighbors
    with broadcast turned off. The local ASA is directly connected to our
    external "internet" switch which my firewall connects to also. The
    problem I am running into is the local ASA is sending the new route to
    my layer 3 OSPF enabled core switch just behind it on my local
    network. Creating an alternate path to the external "internet"
    network range.

    How do I prevent my layer 3 switch from learning the ASA's directly
    connected route to the external network?

    The tunnel comes up and the remote network can access the internal
    network but the core switch now has a new route to the internet.
    (Note: The ASA is blocking the traffic so no vulnerability)

    Can I use the "Filtering" option within the ASDM? Can I disable OSPF
    on the outside interface of my local ASA and configure the remote ASA
    with my core switch as the neighbor?

    Taken from the ASA 7.2(2) ASDM Online Help.

    ---------------" Filtering
    Configuration > Routing > Dynamic Routing > OSPF > Filtering

    The Filtering pane displays the ABR Type 3 LSA filters that have been
    configured for each OSPF process.

    ABR Type 3 LSA filters allow only specified prefixes to be sent from
    one area to another area and restricts all other prefixes. This type
    of area filtering can be applied out of a specific OSPF area, into a
    specific OSPF area, or into and out of the same OSPF areas at the same
    time.

    Benefits
    OSPF ABR Type 3 LSA filtering improves your control of route
    distribution between OSPF areas.

    Restrictions
    Only Type-3 LSAs that originate from an ABR are
    filtered."-------------------


    Thanks for your help in advance.
     
    , May 29, 2007
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Carl Neenan

    OSPF ABR Route Table

    Carl Neenan, Jul 31, 2004, in forum: Cisco
    Replies:
    1
    Views:
    624
    Ivan Ostres
    Jul 31, 2004
  2. srini

    Need help on Type 5 LSA

    srini, Oct 10, 2006, in forum: Cisco
    Replies:
    0
    Views:
    386
    srini
    Oct 10, 2006
  3. Bob Simon

    OSPF ABR for 3 Areas?

    Bob Simon, Oct 24, 2006, in forum: Cisco
    Replies:
    1
    Views:
    477
  4. palas_123

    LSA type

    palas_123, Nov 19, 2009, in forum: Cisco
    Replies:
    1
    Views:
    614
    donjohnston
    Nov 23, 2009
  5. CREAM

    LSA VS. HELLO PACKET ospf

    CREAM, Jan 20, 2011, in forum: Cisco
    Replies:
    1
    Views:
    899
    bod43
    Jan 21, 2011
Loading...

Share This Page