RE: Deny OSPF neighbor relationship using access list

From: Shogo (k.shogo@gmail.com)
Date: Tue Jun 24 2008 - 19:44:33 ART


Hi,
It seems the source address is possibly wrong...

1. Debug ip ospf adj
2. Make sure where the hello packet is sourced and destined.
3. Apply the access-list on the interface.

----- Original Message -----
From: ISolveSystems <support@isolvesystems.com>
Sent: June 24, 2008 23:23
To: Cisco certification <ccielab@groupstudy.com>; Cisco certification <security@groupstudy.com>
Subject: Deny OSPF neighbor relationship using access list

Hello Expert,
I am trying to deny OSPF from forming a relationship between ASAs. I tried
the following without success. 1.1.1.1 is the neighbor IP address.
1.1.1.2 is the local interface IP.

access-list DMZ-IN extended deny ospf host 1.1.1.1 host 1.1.1.2
access-list DMZ-IN extended deny ospf host 1.1.1.1 host 224.0.0.5
access-list DMZ-IN extended deny ospf host 1.1.1.1 host 224.0.0.4
access-list DMZ-IN extended deny ip host 1.1.1.1 host 224.0.0.5
access-list DMZ-IN extended deny ip host 1.1.1.1 host 224.0.0.4

Any idea?

Thanks.
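
Step 2 of the reply, as an added example that is not part of either message: a Python sketch that checks observed hello source/destination pairs against the DMZ-IN entries from the question. The observed packets and the address 1.1.1.9 are constructed, and the matcher models only these host-to-host entries, not how the ASA itself applies the ACL.

```python
import ipaddress
from typing import NamedTuple, Optional

# ACL entries copied from the question.
ACL_TEXT = """\
access-list DMZ-IN extended deny ospf host 1.1.1.1 host 1.1.1.2
access-list DMZ-IN extended deny ospf host 1.1.1.1 host 224.0.0.5
access-list DMZ-IN extended deny ospf host 1.1.1.1 host 224.0.0.4
access-list DMZ-IN extended deny ip host 1.1.1.1 host 224.0.0.5
access-list DMZ-IN extended deny ip host 1.1.1.1 host 224.0.0.4
"""

class Ace(NamedTuple):
    line_no: int
    action: str
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address

def parse_acl(text: str) -> list:
    """Parse only the 'extended <action> <proto> host A host B' form used above."""
    aces = []
    for n, line in enumerate(text.splitlines(), 1):
        t = line.split()
        if len(t) != 9 or (t[0], t[2], t[5], t[7]) != ("access-list", "extended", "host", "host"):
            raise ValueError(f"unsupported entry on line {n}: {line!r}")
        aces.append(Ace(n, t[3], t[4], ipaddress.IPv4Address(t[6]), ipaddress.IPv4Address(t[8])))
    return aces

def first_match(aces, proto: str, src: str, dst: str) -> Optional[int]:
    """Return the line number of the first entry matching the packet, or None."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for ace in aces:
        # 'ip' in an entry matches every IP protocol, including OSPF.
        if ace.proto in ("ip", proto) and ace.src == s and ace.dst == d:
            return ace.line_no
    return None

# Constructed observations, standing in for what step 2 would show.
OBSERVED = [
    ("ospf", "1.1.1.1", "224.0.0.5"),  # hello from the address the ACL expects
    ("ospf", "1.1.1.9", "224.0.0.5"),  # hypothetical: hello sourced from another address
    ("ospf", "1.1.1.1", "224.0.0.6"),  # AllDRouters; the ACL lists 224.0.0.4 instead
]

def report(aces, packets):
    """Pair each observed packet with the ACL line that matches it (None = no entry)."""
    return [(p, first_match(aces, *p)) for p in packets]

if __name__ == "__main__":
    for pkt, line in report(parse_acl(ACL_TEXT), OBSERVED):
        print(pkt, "-> entry", line if line else "none: no entry matches this source/destination")
```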



This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:23 ART