PIX OSPF Network
Configuring OSPF on your Security Appliance requires you to perform the following steps:
Step 1 Enable OSPF.
Step 2 Define the Security Appliance interfaces that need to run OSPF.
Step 3 Define OSPF areas.
Step 4 Configure LSA filtering to protect private addresses.
Using the configuration shown in Figure 11-2, the following commands configure OSPF
based on the scenario described:
pix515a(config)# router ospf 1
pix515a(config-router)# area 0 filter-list prefix ten in
pix515a(config-router)# network 192.168.0.0 255.255.0.0 area 0
pix515a(config-router)# network 172.16.1.0 255.255.255.0 area 172.16.1.0
pix515a(config-router)# network 10.10.10.0 255.255.255.0 area 10.10.10.0
pix515a(config-router)# prefix-list ten deny 10.10.10.0/24
pix515a(config)#
pix515a(config)# router ospf 1
pix515a(config-router)# prefix-list ten permit 172.16.1.0/24
pix515a(config)#
When configuring OSPF, you should also enable one of the following authentication
mechanisms:
■ Password
■ MD5 (message digest algorithm 5)
NOTE If you configure your Security Appliance as an ASBR, then you need to configure
multiple OSPF processes on the firewall if you want to perform address filtering.