Routing Information Protocol

Routing Information Protocol (RIP) has been around for many years. However, due to its limited ability to function in large enterprise networks, it has not been the first choice for many network engineers. Even though it's not widely used anymore, the ASA supports RIP versions 1 and 2. In this section, we are going to take a look at how to configure RIP using the ASDM:

  1. To get started, open the ASDM and navigate to Configuration | Device Setup | Routing | RIP | Setup.
  2. The following window on the ASDM will allow us to enable the RIP routing protocol on the ASA. To enable RIP, ensure the checkbox next to Enable RIP routing is checked. As a good practice, we would disable auto-summarization and use RIP version 2:
Benefits of RIPv2 are further discussed in the CCNA: Routing and Switching certification (https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/associate/ccna-routing-switching.html). 
RIPv2 can only receive and send RIPv2 packets. RIPv1 can send only version 1 packets but can receive both versions 1 and 2 packets.
  3. If there's a default route that needs to propagate from this ASA to other devices, such as a router, using the RIP routing protocol, this can be achieved by checking the Enable default information originate checkbox.

Under the Networks section, you can add network IDs; however, subnet masks are not allowed in the RIP configuration.

Another good practice is enabling passive interfaces on interfaces that do not have a router or another firewall on the other end. Some examples can be the internet port and the LAN port. The passive interface feature stops routing packets from being sent out on the selected interface(s). This is useful in many situations, because sending routing updates out of such interfaces can be a security risk, a waste of bandwidth on the links, and a waste of resources.

Furthermore, we can manually choose which versions of RIP messages to exchange per interface.

  4. To achieve this function on the ASA, click on the Interface as displayed in the following screenshot:
  5. Select the interface you would like to modify and click on Edit. The following window will appear providing options to manually adjust the RIP version messages to send and receive. Another feature is authentication, which would require the neighbor RIP-enabled devices, such as another firewall or router, to provide authentication before they are allowed to exchange RIP packets between themselves in the routing domain:

The Key is the actual passphrase that is provided during the authentication phase. The Key ID is used as a reference, and the Authentication Mode determines whether the key is sent as plain text (insecure) or as a Message Digest 5 (MD5) hash (secure) across the link.

  6. Clicking on OK will take you back to the main RIP setup window.
  7. Once you are finished, click Apply and save your configurations.
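
To illustrate the Authentication Mode choice described above, the following added Python example (not from the book or from Cisco) models the two RIPv2 authentication packet layouts: simple password as in RFC 2453 and keyed MD5 as in RFC 2082. The key, Key ID, sequence number and route are constructed sample values, and the byte layout is a simplified model, not a capture from an ASA.

```python
import hashlib
import hmac
import struct

AFI_AUTH = 0xFFFF                      # marks an authentication entry
HEADER = struct.pack("!BBH", 2, 2, 0)  # command=response, version=2

def route_entry(ip: bytes, mask: bytes, metric: int) -> bytes:
    """One 20-byte RIPv2 route entry (AFI 2 = IP, tag 0, next hop 0.0.0.0)."""
    return struct.pack("!HH4s4s4sI", 2, 0, ip, mask, bytes(4), metric)

def build_text(key: bytes, routes: bytes) -> bytes:
    """Plain-text mode: the key itself travels in the first entry."""
    return HEADER + struct.pack("!HH16s", AFI_AUTH, 2, key) + routes

def _digest(signed: bytes, key: bytes) -> bytes:
    # Keyed MD5: hash the packet followed by the key padded to 16 bytes.
    return hashlib.md5(signed + key.ljust(16, b"\0")).digest()

def build_md5(key: bytes, key_id: int, seq: int, routes: bytes) -> bytes:
    """MD5 mode: Key ID and sequence number in the clear, key never sent."""
    offset = len(HEADER) + 20 + len(routes)          # where the trailer starts
    auth = struct.pack("!HHHBBI8x", AFI_AUTH, 3, offset, key_id, 16, seq)
    signed = HEADER + auth + routes + struct.pack("!HH", AFI_AUTH, 1)
    return signed + _digest(signed, key)

def verify_md5(packet: bytes, keys: dict) -> bool:
    """Receiver: select the key by Key ID, recompute and compare the digest."""
    if len(packet) < 44:
        return False
    afi, mode, offset, key_id, dlen, _seq = struct.unpack("!HHHBBI", packet[4:16])
    if (afi, mode, dlen) != (AFI_AUTH, 3, 16) or key_id not in keys:
        return False
    signed, sent = packet[:offset + 4], packet[offset + 4:offset + 20]
    return hmac.compare_digest(_digest(signed, keys[key_id]), sent)

# Constructed sample values, not taken from any device.
KEY, KEY_ID = b"ExampleKey", 1
ROUTES = route_entry(bytes([10, 1, 0, 0]), bytes([255, 255, 0, 0]), 1)

if __name__ == "__main__":
    text_pkt = build_text(KEY, ROUTES)
    md5_pkt = build_md5(KEY, KEY_ID, 7, ROUTES)
    print("key visible in text mode:", KEY in text_pkt)
    print("key visible in MD5 mode: ", KEY in md5_pkt)
    print("MD5 packet verifies:     ", verify_md5(md5_pkt, {KEY_ID: KEY}))
```

In text mode anyone who can see an update on the link can read the key, while in MD5 mode only the digest crosses the link. In both modes the routes themselves are sent unencrypted; authentication only proves that the sender holds the key.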