From: Tyson Scott (tscott@ipexpert.com)
Date: Tue Jun 24 2008 - 12:28:39 ART
Then do my second recommendation
On Tue, Jun 24, 2008 at 11:23 AM, ISolveSystems
<support@isolvesystems.com> wrote:
> I change it to .6. Same result.
>
> On Tue, Jun 24, 2008 at 10:01 AM, Tyson Scott <tscott@ipexpert.com> wrote:
>>
>> Well,
>> You would want to do .5 and .6 not .4 and .5
>>
>> deny ospf host 1.1.1.1 host 1.1.1.2
>> deny ospf host 1.1.1.1 host 224.0.0.5
>> deny ospf host 1.1.1.1 host 224.0.0.6
>>
>> if that still doesn't work only add the network statement that you
>> want OSPF running on and then redistribute the route for the
>> interfaces you don't want it running on.
>>
>>
>>
>> On Tue, Jun 24, 2008 at 10:23 AM, ISolveSystems
>> <support@isolvesystems.com> wrote:
>> > Hello Expert,
>> > I am trying to deny OSPF from forming relationship between ASAs. I
>> > tried
>> > the following without success. 1.1.1.1 is the neighbor IP address.
>> > 1.1.1.2is the local interface IP.
>> >
>> > access-list DMZ-IN extended deny ospf host 1.1.1.1 host 1.1.1.2
>> > access-list DMZ-IN extended deny ospf host 1.1.1.1 host 224.0.0.5
>> > access-list DMZ-IN extended deny ospf host 1.1.1.1 host 224.0.0.4
>> > access-list DMZ-IN extended deny ip host 1.1.1.1 host 224.0.0.5
>> > access-list DMZ-IN extended deny ip host 1.1.1.1 host 224.0.0.4
>> >
>> > Any idea?
>> >
>> > Thanks.
>> >
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> >
>> >
>> >
>>
>>
Tyson Scott - CCIE #13513 R&S and Security
Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: tscott@ipexpert.com
This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:23 ART