Filter
Top Products
54-2
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 54 Configuring Routing Policies on Firewall Devices
Configuring OSPF
Navigation Path
• (Device view) Select Platform > Routing > No Proxy ARP from the Device Policy selector.
• (Policy view) Select PIX/ASA/FWSM Platform > Routing > No Proxy ARP from the Policy Type
selector. Select an existing policy from the Shared Policy selector, or create a new one.
Related Topics
• Configuring Static Routes, page 54-48
• Configuring RIP, page 54-40
• Configuring OSPF, page 54-2
Configuring OSPF
The OSPF page provides nine tabbed panels for configuring OSPF (Open Shortest Path First) routing on
a firewall device. The following topics provide detailed information about enabling and configuring
OSPF:
• About OSPF, page 54-2
• General Tab, page 54-3
• Area Tab, page 54-6
• Range Tab, page 54-8
• Neighbors Tab, page 54-10
• Redistribution Tab, page 54-11
• Virtual Link Tab, page 54-13
• Filtering Tab, page 54-15
• Summary Address Tab, page 54-17
• Interface Tab, page 54-18
Navigation Path
• (Device view) Select Platform > Routing > OSPF from the Device Policy selector.
• (Policy view) Select PIX/ASA/FWSM Platform > Routing > OSPF from the Policy Type selector.
Select an existing policy from the Shared Policy selector, or create a new one.
About OSPF
Open Shortest Path First (OSPF) is an interior gateway routing protocol that uses link states rather than
distance vectors for path selection. OSPF propagates link-state advertisements (LSAs) rather than
routing table updates. Because only LSAs are exchanged, rather than entire routing tables, OSPF
networks converge more quickly than RIP networks.
OSPF supports MD5 and clear-text neighbor authentication. Authentication should be used with all
routing protocols whenever possible, because route redistribution between OSPF and other protocols
(like RIP) can potentially be used by attackers to subvert routing information.
If NAT is used when OSPF is operating on public and private areas, and if address filtering is required,
you need to run two OSPF processes—one process for the public areas and one for the private areas.