Hi Ajay.
I haven't tried ASA with EIGRP/RIP in routed mode but with OSPF you
don't have to explicitly permit corresponding IP protocol to form
adjacencies for inside interface. I suppose other routing protocols
behave the same for the routed mode.
HTH,
A.
Mujtaba Bashir wrote:
> hi Ajay,The security appliance does not allow any traffic unless it is
> explicitly permitted by an extended access list.
> --Mujtaba Bashir
>
>
>> Date: Tue, 23 Jun 2009 11:20:22 +0530
>> Subject: permit rip/eigrp on inside interface of ASA?
>> From: ajaymehra01_at_gmail.com
>> To: ccielab_at_groupstudy.com
>>
>> Hi,
>>
>> Is this a known issue with ASA? Eigrp and rip packets are not allowed to
>> enter inside interface of Transparent Firewall until explicitly permitted.
>>
>> %ASA-3-106010: Deny inbound protocol 88 src inside:150.100.3.254 dst
>> outside:224
>> .0.0.10
>>
>> %ASA-2-106006: Deny inbound UDP from 150.100.1.254/520 to 224.0.0.9/520 on
>> inter
>> face inside
>>
>>
>> After I enable "access-list INSIDE per ip an an" everything worked.
>>
>> Although I have not got a chance to test this with Routed firewall but I
>>
> see
>
>> this problem always with Transparent firewall.
>>
>>
>>
>> Thanks
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
> _________________________________________________________________
> Hotmail. has ever-growing storage! Don�t worry about storage limits.
> http://windowslive.com/Tutorial/Hotmail/Storage?ocid=TXT_TAGLM_WL_HM_Tutorial
> _Storage_062009
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Tue Jun 23 2009 - 16:20:49 ART