From: Tyson Scott (tscott@ipexpert.com)
Date: Tue Jun 24 2008 - 12:01:59 ART
Well,
You would want to do .5 and .6 not .4 and .5
deny ospf host 1.1.1.1 host 1.1.1.2
deny ospf host 1.1.1.1 host 224.0.0.5
deny ospf host 1.1.1.1 host 224.0.0.6
if that still doesn't work only add the network statement that you
want OSPF running on and then redistribute the route for the
interfaces you don't want it running on.
On Tue, Jun 24, 2008 at 10:23 AM, ISolveSystems
<support@isolvesystems.com> wrote:
> Hello Expert,
> I am trying to deny OSPF from forming relationship between ASAs. I tried
> the following without success. 1.1.1.1 is the neighbor IP address.
> 1.1.1.2is the local interface IP.
>
> access-list DMZ-IN extended deny ospf host 1.1.1.1 host 1.1.1.2
> access-list DMZ-IN extended deny ospf host 1.1.1.1 host 224.0.0.5
> access-list DMZ-IN extended deny ospf host 1.1.1.1 host 224.0.0.4
> access-list DMZ-IN extended deny ip host 1.1.1.1 host 224.0.0.5
> access-list DMZ-IN extended deny ip host 1.1.1.1 host 224.0.0.4
>
> Any idea?
>
> Thanks.
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
-- Tyson Scott - CCIE #13513 R&S and Security Technical Instructor - IPexpert, Inc.Telephone: +1.810.326.1444 Fax: +1.810.454.0130 Mailto: tscott@ipexpert.com
This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:23 ART