OSPF ABR Type 3 LSA Filtering

Hello all,

I have a remote network which is configured to access my local network via IPSec VPN tunnel established between two ASA 5500 devices. I have OSPF configured on both ASA outside interfaces as static neighbors with broadcast turned off. The local ASA is directly connected to our external "internet" switch which my firewall connects to also. The problem I am running into is the local ASA is sending the new route to my layer 3 OSPF enabled core switch just behind it on my local network, creating an alternate path to the external "internet" network range.

How do I prevent my layer 3 switch from learning the ASA's directly connected route to the external network?

The tunnel comes up and the remote network can access the internal network but the core switch now has a new route to the internet. (Note: The ASA is blocking the traffic so no vulnerability)

Can I use the "Filtering" option within the ASDM? Can I disable OSPF on the outside interface of my local ASA and configure the remote ASA with my core switch as the neighbor?

Taken from the ASA 7.2(2) ASDM Online Help.

---------------"
Filtering

Configuration > Routing > Dynamic Routing > OSPF > Filtering

The Filtering pane displays the ABR Type 3 LSA filters that have been configured for each OSPF process.

ABR Type 3 LSA filters allow only specified prefixes to be sent from one area to another area and restricts all other prefixes. This type of area filtering can be applied out of a specific OSPF area, into a specific OSPF area, or into and out of the same OSPF areas at the same time.

Benefits

OSPF ABR Type 3 LSA filtering improves your control of route distribution between OSPF areas.

Restrictions

Only Type-3 LSAs that originate from an ABR are filtered.
"-------------------

Thanks for your help in advance.

skeeterflea
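
The filter described in the quoted ASDM help, written as the equivalent ASA CLI; this is an added example, not part of the original post or of Cisco's documentation. It assumes the ASA is an ABR, with the outside interface in area 1 and the inside interface in area 0; if both interfaces sit in the same area, no Type 3 LSA is generated and the filter has no effect. All addresses and the prefix-list name are constructed placeholders.

```cisco
! Constructed values (assumptions, not taken from the post):
!   area 1           = outside interface (VPN / remote OSPF neighbor side)
!   area 0           = inside interface (layer 3 core switch side)
!   203.0.113.0/24   = the external "internet" segment on the outside interface
!   192.168.50.0/24  = the remote site LAN learned over the tunnel
!   10.10.0.0/24     = the inside segment shared with the core switch
!   REMOTE-ONLY      = hypothetical prefix-list name
!
! Permit only the remote LAN. A prefix-list ends with an implicit deny,
! so the outside segment 203.0.113.0/24 is dropped without its own entry.
prefix-list REMOTE-ONLY seq 10 permit 192.168.50.0/24
!
router ospf 1
 network 203.0.113.0 255.255.255.0 area 1
 network 10.10.0.0 255.255.255.0 area 0
 ! Apply the list to Type 3 LSAs the ABR sends out of area 1 into other areas.
 area 1 filter-list prefix REMOTE-ONLY out
!
! Check on the ASA that no summary LSA for 203.0.113.0 exists in area 0:
!   show ospf database summary
```

Only prefixes carried as Type 3 LSAs are affected; routes that reach the core switch as external (Type 5) LSAs are outside the scope of this filter.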