Cisco WAN :: ASA 5520 EIGRP Route Filtering?
Feb 26, 2012
I have an ASA 5520 connected to a Cisco 6509E, and we're turning up EIGRP between the two. The problem that I'm running into is that there are a few static routes (including a 0.0.0.0) on the core that are being redistributed into the EIGRP AS, and I need to block these from being propagated to the ASA. The ASA only has the capability to use an ACL in conjunction with a distribute-list, and I can't find a way to filter the default route (0.0.0.0/0) while allowing everything else.
Oct 13, 2012
I configured the routers with EIGRP and also wrote a static route between the two PCs. Before removing the link between router0 and router1, the destination is reachable, but when this connection is removed, packets from pc1 to pc0 are dropped in a loop and never reach the destination. Is it possible to have a link-state routing protocol and a static route in the same network, as in this scenario? How can I prevent the loop in this topology? The static route is configured as below:
router0 <==> router 1 <==> router2 <==> router3 <==> router <==>pc1
Aug 8, 2012
We have a problem with EIGRP and two ASR 1001s in High Availability. ASR2 has received all routes (100 routes) from the PE, but ASR1 has not received all routes (75 routes) from the PE or from the other ASR02. All PEs have all routes. When ASR1 modifies or loses a route, it doesn't send the update to the ASA. See diagram.
May 9, 2012
I have a customer with a primary datacenter and a DR datacenter that have a P2P 100Mbps link connection between them. At the primary datacenter there will be a Nexus 5596U with an L3 card running EIGRP. It will have three connections: one northbound to the Internet (not a problem), the other northbound to an MPLS SP managed ISR router. Both datacenters will have an MPLS SP managed ISR router, and the MPLS service provider will be redistributing BGP into EIGRP from their ISR routers at both datacenters. This means we will learn external EIGRP routes with an AD of 170.
Connected to my 5596 southbound will be the SAN for the EMC storage traffic, the DR also has a SAN with EMC storage as well. The 100Mbps P2P link is primarily for replication traffic.
Since the Nexus 5596U with L3 module doesn't support PBR, I have to figure out a way for replication traffic to prefer the 100Mbps P2P link vs the MPLS cloud. I was thinking of running iBGP over the P2P link with the Nexus 5596 being a route reflector and its iBGP peer, which will be a Catalyst 3750X at the other end of the P2P link, being the route-reflector client. That way both iBGP peers will exchange learned routes.
I have to come up with a way for the replication traffic that comes sourced from the IP addresses of the EMC/storage to prefer the P2P link which will have an AD of 200 from iBGP in the routing table vs the external EIGRP traffic that has an AD of 170 in the routing table. All other traffic will route normally across the MPLS cloud. All other traffic will include client server traffic as there are application servers that sit south bound of the Nexus 5596, the client traffic will come inbound to the datacenter via the MPLS cloud.
I don't have a Nexus 5596 to do a mock lab. My thought is to redistribute connected with a route-map in EIGRP on the Nexus 5596 with two match statements, then set the IP next hop to the IP of the 3750X. I would need to select only replication traffic, so I was thinking if I can match on VLAN and next-hop then my set command would be the next-hop of the 3750X.
May 22, 2013
I have a mixed WAN environment with both eBGP and EIGRP routes. The BGP routes should always take precedence, when they exist. If no BGP routes exist I want the router to fail over to using the EIGRP routes. So far, this works fine.
The problem is, when the BGP route again becomes available (and the associated entry appears in the "sh ip bgp ... received-routes" output) the router is NOT relinquishing the EIGRP route. It remains in effect, showing as a "D" route in the route table even though there is a better ("B") route available. If I bounce EIGRP or the interface associated with it, the EIGRP route disappears and the BGP route reasserts itself, and everything will run correctly until the next time the BGP route disappears due to maintenance, line failure, etc.
My router is (C2900-UNIVERSALK9-M), Version 15.3(1)T
Here's the associated config
interface Tunnel101
description VPN backup WAN interface
bandwidth 7168
ip address 192.168.75.1 255.255.255.0
[code].....
Mar 11, 2012
In EIGRP, if a router loses the successor to a route, and it has no FS, it goes active (starts asking all neighbors if they have a successor for that route). But if the neighbor did have a successor, shouldn't they have proactively told us about it when they learned it (so we already have it as the Feasible Successor)?
Jun 20, 2012
I have a 3750 at a branch running EIGRP connected to two routers that both have configured:
access-list 1 deny 0.0.0.0
access-list 1 permit any
access-list 2 permit 0.0.0.0
access-list 2 deny any
router eigrp 1
distribute-list 1 out FastEthernet0/0
distribute-list 2 in FastEthernet0/0
Due to this recently applied config the switch became unreachable from the outside and cannot ping anything. Everything connected to it works fine. I was able to remote into it from a switch behind it and noticed that the 3750 has no default route in the routing table. I do see a default route in the EIGRP topology table. How can I make the switch learn a default route while maintaining the existing configuration on the routers?
Jun 24, 2012
I have worked at many companies and I always see route filtering performed the same way when using BGPv4: prefix lists. Why do admins use this method? Don't route-maps/distribute lists perform the same function?
Apr 26, 2012
I'm trying to create a route-map for an EIGRP distribute list on an N7K. The goal is to not advertise the 10.0.0.0/8 and 172.31.30.20/32 networks out a link to a remote site while permitting all other traffic to the internet (default). I configured the ACL/route-maps below and applied them outbound on the N7K interface but no subnets at all are being received on the remote site router.
ip access-list DENY_10.0.0.0
10 permit ip any 10.244.244.20/30 <<--WAN interface network
20 deny ip any 10.0.0.0/8
25 deny ip any 172.31.30.20/32
30 permit ip any any
[code]....
Feb 13, 2013
I'm attempting to redistribute a static route into EIGRP on a 3750 switch and pass it to an upstream router. Sadly, however, this isn't working, or at least the route isn't being received on the upstream router. [code]
Mar 11, 2012
We are deploying a new office in the building next to our main office. The main office has a Cisco ASA 5510; behind that is a Cisco 3750 stack. In the new office we are deploying a new Cisco 3750, and they will be connected via fiber cable. I have sliced off VLAN 800 as a transit link /30 with an address space of 10.249.249.1-4. The new 3750 only has two VLANs, 800 and 112 (10.112.0.0/24). VLAN 112 routes are advertised to the neighboring 3750 properly, as seen in the routing tables of the 3750 stack:
D 10.112.0.0/24 [90/3072] via 10.249.249.2, 00:22:24, Vlan800
Traffic passes between all local VLANs with no issue. I found that in order to get packets to pass between the ASA and the new 3750 I had to add a static route to the ASA:
S 10.112.0.0 255.255.255.0 [1/0] via 10.100.0.1, inside
My question is: why is EIGRP not advertising the 10.112.0.0 network to the ASA? Here are the EIGRP configs on the switches.
Existing 3750 Stack
router eigrp 100
network 10.0.0.0
redistribute static
[code]....
Jun 8, 2011
Is it possible to track an IPSLA operation and, if it goes down, track a static route which will be removed from the EIGRP process? I have read through documentation and have become stuck. I have the below configured and have shown the features installed. How would I go about getting the below static route injected into EIGRP only if the IPSLA operation is OK?
track RMB
type rtr 100 reachability
ipsla
[Code]....
Feb 19, 2013
I have an issue with my setup of a 6500 switch (12.2(33)SXI9). We have a 6500 switch with several VRFs. For a certain VRF I would like to redistribute a static route in EIGRP. After doing so I don't see the static route on my EIGRP neighbor.
This is an overview of my config. I'm basically redistributing only my static route for this VRF in EIGRP.
I found a similar case in which the solution was adding a metric to the static route. (eg. redistribute static route-map static-eigrp-pp metric 10000 100 255 1 1500). But the strange thing is that we don't have this issue on a similar machine (same IOS, same config setup). [code]
Dec 18, 2011
This is a Nexus 5596 L3 with the latest code:
It looks like the deny statement is not working, as I can see all routes I am redistributing. I even did a deny on a specific route and I still see it in the routing table on another router in the autonomous system. The same below works fine on the IOS platform. [code]
Apr 3, 2012
I have a router with two interfaces. What I need is to filter the HTTP traffic from one interface and the rest of the traffic through the other on my Cisco 2800 router.
Sep 12, 2011
I have a question about filtering incoming BGP route updates from an internet provider. This provider sends the full internet routing table and default route, and with an incoming prefix-filter on the customer switch (C6509-sup720) only the default route is accepted. What happens on the 6509 switch when the BGP peer flaps? Does it need to process all the internet routing updates, and if yes, probably it cannot handle all these updates? What happens with the CEF table, will the switch install the routes first?
Dec 12, 2012
I have been able to get EIGRP working successfully in the lab like I want.
Attached is the network overview:
We have a Data Center and Corporate office connected via a Point to Point Fiber link; eventually we will have two of these
Two 4948E switches in the Data Center acting as cores, set up with GLBP
Corporate Office has a 3750X acting as a core
Currently the two 4948Es are connected to each other via Port Channel and an L2 trunk
Two sets of ASA 5520s, one acting as a firewall and for Cisco Any Connect and the second for site to site VPN
What is the best way/practice that I can distribute this DMZ via EIGRP? Should I just leave it static on the core like this?
Jul 25, 2008
Can we filter MAC addresses in the LAN using an ASA 5520? What's the method?
Mar 21, 2012
I have configured VPN filtering on all my L2L VPNs. I have restricted access from remote to local resources only to specified ports. It works perfectly. But I want to also have full access from local to remote networks (but still preserve restricted access from remote to local). As I know, VPN Filter works bi-directionally with a single ACL. So is there some way to open all traffic from local to remote and still restrict remote to local traffic? ASA 5520 8.4(3)
Nov 13, 2011
We have multiple VPN tunnels coming to our Cisco ASA 5520. The problem is that when we create another tunnel with the same network as another network on the firewall, it does not know which interface or sub-interface to route the traffic to.
Mar 29, 2011
I have inherited an ASA 5520. In doing some auditing of the setup, I have noticed a Static Route that has the inside interface of the ASA as the Gateway IP. I am trying to understand the purpose of this route or why a route would be setup this way.
Example Static Route:
Inside 10.xx.31.0 255.255.255.0 10.xx.xx.10 (10.xx.xx.10 is the inside interface of ASA)
Feb 7, 2012
I have come across articles mentioning that URL filtering can be implemented by using an ASA 5505 with URL filtering servers. But Websense and other web filtering servers are paid ones? Are there any free solutions available? What exactly is N2H2? The reason is I don't want to increase the CPU utilization of the ASA by implementing URL filtering within the device. If I have around 30 nodes which connect to the internet via a 2Mbps line through an ASA 5505 and I want to block around, say, 10 or 15 URLs, will it increase CPU utilization beyond permissible limits? Currently the CPU utilization is around 10 - 15. Here's the infrastructure setup.
------------------------------------------------------------
Nodes -->Switches-->ASA 5505-->Internet
-------------------------------------------------------------
Jun 24, 2011
I've enabled antispoof on all interfaces on an ASA 5510. If you start a traceroute to a network on the default route, everything works, since replies come to an interface with route 0.0.0.0/0 defined. If you start a traceroute to a network that is NOT on the default route (let's assume corporate MPLS), you only get a response from the first carrier router; the others are discarded because of an anti-spoof violation.
I have ICMP inspection and icmp-error inspection enabled.
Jun 15, 2012
I have a test on EIGRP next week and have been doing it in Packet Tracer so I'm ready, but I can't seem to get EIGRP to work! I have 3 routers and the loopback interfaces are configured because there are not enough PCs to actually connect up to the kit. [code]
Aug 11, 2012
Does Cisco 861 have EIGRP support?
Aug 25, 2011
We use all Cisco routers in our business, mostly 1841 and 871. But now I'm currently working with a new router:
Just purchased last week - Cisco 881
The Cisco IOS is:
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.0(1)M6, RELEASE SOFTWARE (fc1)
->System image file is "flash:c880data-universalk9-mz.150-1.M6.bin"
As all our routers are Cisco we use EIGRP as our routing protocol. But with this router all I see is:
#router ?
odr On Demand stub Routes
rip Routing Information Protocol (RIP)
Where is my EIGRP? I can't configure EIGRP, so my router won't be doing much routing.
Jul 5, 2012
I have an issue in my network. I have 2 data connections with 2 different ISPs (principal and backup connection). With ISP "X" the RTO is stable (RTO 240), but with ISP "Y" the RTO is at 5000 and the connection is always flapping.
Feb 13, 2011
My Cisco 861 wireless router (CISCO861W-GN-E-K9) doesn't support EIGRP. What should I do to enable it?
Oct 3, 2006
I have recently connected a 10 Gig connection from the local telco between two sites on 6509s. These two sites also have a 1 Gig link between them. When I connected the 10 Gig link I expected the 10 Gig link to be the preferred route, but after looking at the routes I noticed that both links have the same EIGRP path cost. Also the minimum BW for both links is 1000000Kb or 1Gb. Why?
Feb 23, 2011
We have 2x 3750G L3 switches and I am trying to set them up to use EIGRP but for some reason it's not working. I created 2 routed ports on each switch and I want to route VLAN 10 traffic to VLAN 20 to S2. I also enabled EIGRP as the routing protocol but I still cannot ping between VLAN 10 and VLAN 20. Here are the configs for both switches. What am I doing wrong?
Current configuration : 1943 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
[Code]...
Jul 19, 2011
Our customer wants to load-balance across unequal circuits due to the primary link being saturated. The primary link is 10Mb and the backup is 4Mb (multilink 2 x 2Mb).
I have tried implementing this using ‘variance’ under EIGRP on the 6500 switch but can’t seem to get both WAN routes in the routing table - unless I use the same metric on the route-maps we use for redistribution – e.g. set metric 10000 100 255 1 1500
If I do this the 6500 sees both routes but I’m concerned too much traffic will go via the lower speed link causing more problems. I have adjusted the delay under redistribution to make the 4Mb less preferred and I see this under ‘show ip eigrp top’ and thought the ‘variance’ command on the 6500 switch would work. But no matter what I set variance to it still doesn’t enter the less preferred route in the routing table.
Topology is as follows:
____
|----2800---WAN (10Mb)
6500]
____|----3640---WAN (4Mb)
We use BGP on the WAN and redistribute into EIGRP on the LAN using route maps as follows:
2800 (10Mb)
router eigrp 5555
redistribute bgp 888 metric 10000 200 255 1 1500 route-map bgp-eigrp
no auto-summary
router bgp 888
[Code]....
May 27, 2012
I have been playing around with Packet Tracer trying to understand EIGRP and to put it into practice. Well, I'm not doing so well. I can't get the routers to form an adjacency, therefore nothing is pinging outside of the routers. [URL]
Apr 27, 2011
I started studying yesterday for CCNP Route and I'm already stuck. Stupid Frame relay. Basic topology attached, 1 Hub, 2 spokes. I have EIGRP working correctly and each spoke can see all routes correctly. The Hub is on a Multipoint interface with split horizon turned off.