Re: RE : PIX RIP authentication MD5

From: Michael Wong (generalccie@yahoo.com)
Date: Tue Dec 28 2004 - 19:32:12 GMT-3

• Next message: Larry Roberts: "Re: RE : PIX RIP authentication MD5"
• Previous message: R. Adjakou/Home: "Re: VLAN UP/DOWN"
• Maybe in reply to: Richard Dumoulin: "RE : PIX RIP authentication MD5"
• Next in thread: Larry Roberts: "Re: RE : PIX RIP authentication MD5"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I turned on "debug rip" but it does not say anything about "authentication failed" after I did a "clear ip route *" at the router, see attached output. I also turned on debug ip rip events at the router, nothing talks about the authentication.
 
THe order I did is mode first then key-chain. I also rebooted the router. The router is running 12.2-19a.
 
Do I need to configure something under router rip? right now the only relevant one is the neighbor 10.50.31.2 pointing to the PIX.
 
thanks!
Michael
 
220: RIP: interface inside received v2 update from 10.10.6.1
221: RIP: update contains 1 routes
222: RIP: Advertise network 192.168.6.0 mask 255.255.255.0 gateway 10.10.6.1 met
ric 1
223: RIP: interface outside received v2 update from 10.50.31.1
224: RIP: interface outside received v2 update from 10.50.31.1
225: RIP: interface inside sending v2 update to 224.0.0.9
226: RIP: interface outside received v2 update from 10.50.31.1
227: RIP: interface outside received v2 update from 10.50.31.1
228: RIP: interface inside received v2 update from 10.10.6.1
229: RIP: update contains 1 routes
230: RIP: Advertise network 192.168.6.0 mask 255.255.255.0 gateway 10.10.6.1 met
ric 1
231: RIP: interface inside received v2 update from 10.10.6.1
232: RIP: update contains 1 routes
233: RIP: Advertise network 192.168.6.0 mask 255.255.255.0 gateway 10.10.6.1 met
ric 1
234: RIP: interface outside received v2 update from 10.50.31.1
235: RIP: interface outside received v2 update from 10.50.31.1
236: RIP: interface inside received v2 update from 10.10.6.1
237: RIP: update contains 1 routes
238: RIP: Advertise network 192.168.6.0 mask 255.255.255.0 gateway 10.10.6.1 met
ric 1
239: RIP: interface inside received v2 update from 10.10.6.1
240: RIP: update contains 1 routes
241: RIP: Advertise network 192.168.6.0 mask 255.255.255.0 gateway 10.10.6.1 met
ric 1
242: RIP: interface inside sending v2 update to 224.0.0.9

Larry Roberts <groupstudy@american-hero.com> wrote:
If you do a debug on the PIX of rip, do you see the routes coming in,
and do you see a message about "authentication failed" ?

When you added your rip configuration to E0/0, did you add the mode
first, then the key-chain? I usually have errors unless I add mode first.

I agree with rebooting your router and see if that helps.

Richard Dumoulin wrote:
> How do you know it is the PIX and not the router? Can you reboot your router
> please, for some IOS the order to enter the rip authentication commands is
> important,
>
> -- Richard
>
> -----Message d'origine-----
> De : Michael Wong [mailto:generalccie@yahoo.com]
> Envoyi : Tuesday, December 28, 2004 6:24 AM
> @ : ccielab@groupstudy.com
> Objet : PIX RIP authentication MD5
>
> Hi,
>
> I am not able to get PIX RIP authentication running using MD5. Without MD5,
> the routing is fine, when I turned on MD5 using the following, PIX no longer
> gets RIP routes, could you spot anything I am missing? thanks.
>
> on PIX:
>
> rip outside passive version 2 authentication md5 cisco 1
>
> on Router:
> !
> key chain r3
> key 1
> key-string cisco
> !
> interface Ethernet0/0
> ip address 10.50.31.1 255.255.255.0
> ip rip authentication mode md5
> ip rip authentication key-chain r3
> half-duplex
> !
>
> thanks,
> Michael
>
>
> ---------------------------------
> Do you Yahoo!?
> Yahoo! Mail - now with 250MB free storage. Learn more.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> **********************************************************************
> Any opinions expressed in the email are those of the individual and not
> necessarily the company. This email and any files transmitted with it are
> confidential and solely for the use of the intended recipient. If you are not
> the intended recipient or the person responsible for delivering it to the
> intended recipient, be advised that you have received this email in error and
> that any dissemination, distribution, copying or use is strictly prohibited.
>
> If you have received this email in error, or if you are concerned with the
> content of this email please e-mail to: e-security.support@vanco.info
>
> The contents of an attachment to this e-mail may contain software viruses
> which could damage your own computer system. While the sender has taken every
> reasonable precaution to minimise this risk, we cannot accept liability for
> any damage which you sustain as a result of software viruses. You should carry
> out your own virus checks before opening any attachments to this e-mail.
> **********************************************************************
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Thanks,
Larry

• Next message: Larry Roberts: "Re: RE : PIX RIP authentication MD5"
• Previous message: R. Adjakou/Home: "Re: VLAN UP/DOWN"
• Maybe in reply to: Richard Dumoulin: "RE : PIX RIP authentication MD5"
• Next in thread: Larry Roberts: "Re: RE : PIX RIP authentication MD5"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Jan 03 2005 - 10:31:31 GMT-3