RE: why ASA does NOT need an ACL to form a OSPF neighborship

The same applies for isakmp, IPsec, and SSL VPN connections.

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Brian McGahan
Sent: Wednesday, October 03, 2012 11:16 PM
To: jeremy co; Cisco certification
Subject: RE: why ASA does NOT need an ACL to form a OSPF neighborship

It starts listening for OSPF multicast when you turn the OSPF process on, the same as the routers do. If it's not running OSPF then it just ignores those groups.

Brian McGahan, CCIE #8593 (R&S/SP/Security) bmcgahan_at_INE.com

Internetwork Expert, Inc.
http://www.INE.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of jeremy co
Sent: Wednesday, October 03, 2012 9:32 PM
To: Cisco certification
Subject: why ASA does NOT need an ACL to form a OSPF neighborship

Folks,

Dumb question but seems I cant figure it out. How come ASA doesnt need an ACL to permit protocol 89 on outside interface to for ospf adjacancy?

What is the behind of scene action that it does to for ospf adjacency ?
 Does asa listen to Multicast addresses by default and does not drop them ?

I couldnt find relevant info in show asp to find the answer, appreciate if someone can guide me on this

Where on CLI I can verify if it listens to multicast ?

Thanks

Blogs and organic groups at http://www.ccie.net
Received on Thu Oct 04 2012 - 03:19:15 ART