From: Luan Nguyen (luan@t3technology.com)
Date: Tue Jun 24 2008 - 15:31:32 ART
The problem is it doesn't seem like you could deny OSPF packets destined
for the PIX itself using the ACL?
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Tyson Scott
Sent: Tuesday, June 24, 2008 12:45 PM
To: ISolveSystems
Cc: Cisco certification; Cisco certification
Subject: Re: Deny OSPF neighbor relationship using access list
OK,
As a recommendation in the future please provide more detail of the
setup. Your last statement is not covered at all in your original
question.
Turn on authentication on the interface between the two you want to
form an adjacency. If this still is not an option for you please
provide more detail about your setup and why various methodologies
won't work for you.
On Tue, Jun 24, 2008 at 11:56 AM, ISolveSystems
<support@isolvesystems.com> wrote:
> The second recommendation is not going to work because the two neighbors
> are on the same interface. I want to deny one of them.
>
> On Tue, Jun 24, 2008 at 10:28 AM, Tyson Scott <tscott@ipexpert.com> wrote:
>>
>> Then do my second recommendation
>>
>> On Tue, Jun 24, 2008 at 11:23 AM, ISolveSystems
>> <support@isolvesystems.com> wrote:
>> > I changed it to .6. Same result.
>> >
>> > On Tue, Jun 24, 2008 at 10:01 AM, Tyson Scott <tscott@ipexpert.com>
>> > wrote:
>> >>
>> >> Well,
>> >> You would want to do .5 and .6 not .4 and .5
>> >>
>> >> deny ospf host 1.1.1.1 host 1.1.1.2
>> >> deny ospf host 1.1.1.1 host 224.0.0.5
>> >> deny ospf host 1.1.1.1 host 224.0.0.6
>> >>
>> >> if that still doesn't work only add the network statement that you
>> >> want OSPF running on and then redistribute the route for the
>> >> interfaces you don't want it running on.
>> >>
>> >>
>> >>
>> >> On Tue, Jun 24, 2008 at 10:23 AM, ISolveSystems
>> >> <support@isolvesystems.com> wrote:
>> >> > Hello Expert,
>> >> > I am trying to deny OSPF from forming a relationship between ASAs.
>> >> > I tried the following without success. 1.1.1.1 is the neighbor IP
>> >> > address. 1.1.1.2 is the local interface IP.
>> >> >
>> >> > access-list DMZ-IN extended deny ospf host 1.1.1.1 host 1.1.1.2
>> >> > access-list DMZ-IN extended deny ospf host 1.1.1.1 host 224.0.0.5
>> >> > access-list DMZ-IN extended deny ospf host 1.1.1.1 host 224.0.0.4
>> >> > access-list DMZ-IN extended deny ip host 1.1.1.1 host 224.0.0.5
>> >> > access-list DMZ-IN extended deny ip host 1.1.1.1 host 224.0.0.4
>> >> >
>> >> > Any idea?
>> >> >
>> >> > Thanks.
>> >> >
>> >> >
>> >> >
>> >> >
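Added example, not part of the original thread: a Python model of the receiver-side check that the interface authentication recommended above adds, following RFC 2328 (section 8.2 and appendix D.4.3). It shows why a neighbor without the key is dropped before any adjacency can form, even when it shares the interface with a wanted neighbor. The router ID 1.1.1.3 for the wanted neighbor, the key and the packets are constructed for illustration; checksum and sequence-number replay checks are left out.

```python
import hashlib
import hmac
import struct

HDR = struct.Struct("!BBH4s4sHH8s")  # OSPFv2 common header, RFC 2328 A.3.1 (24 bytes)
AU_NULL, AU_SIMPLE, AU_CRYPTO = 0, 1, 2


def build_hello(router_id, key=None, key_id=1, seq=1):
    """Build a constructed OSPFv2 type 1 packet (header only, checksum left 0)."""
    rid = bytes(map(int, router_id.split(".")))
    if key is None:
        return HDR.pack(2, 1, HDR.size, rid, bytes(4), 0, AU_NULL, bytes(8))
    # Cryptographic auth field: 0, Key ID, digest length, sequence number.
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = HDR.pack(2, 1, HDR.size, rid, bytes(4), 0, AU_CRYPTO, auth)
    # Digest = MD5(packet || key padded to 16 bytes), appended after the packet.
    return pkt + hashlib.md5(pkt + key.ljust(16, b"\0")).digest()


def accept(raw, if_autype, keys):
    """Return (accepted, reason) for a packet received on one interface."""
    if len(raw) < HDR.size:
        return False, "truncated"
    _ver, _type, length, _rid, _area, _cksum, autype, auth = HDR.unpack_from(raw)
    if autype != if_autype:  # packet AuType must equal the interface's AuType
        return False, "AuType mismatch"
    if autype != AU_CRYPTO:
        return True, "no cryptographic check"
    _zero, key_id, dlen, _seq = struct.unpack("!HBBI", auth)
    key = keys.get(key_id)
    if key is None or dlen != 16 or len(raw) < length + dlen:
        return False, "unknown key id or bad digest length"
    expected = hashlib.md5(raw[:length] + key.ljust(16, b"\0")).digest()
    if not hmac.compare_digest(expected, raw[length:length + dlen]):
        return False, "digest mismatch"
    return True, "authenticated"


def demo():
    keys = {1: b"constructed-key"}  # sample key, constructed for this example
    wanted = build_hello("1.1.1.3", key=keys[1])   # assumed wanted neighbor
    unwanted = build_hello("1.1.1.1")              # neighbor with no key
    wrong = build_hello("1.1.1.1", key=b"guess")   # neighbor with a wrong key
    return [accept(p, AU_CRYPTO, keys) for p in (wanted, unwanted, wrong)]
```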
This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:23 ART