ROUTING WITH OSPF ON THE ASA
OSPF is a link-state routing protocol that can partition a network into a hierarchy of distinct numbered areas. Area 0 is always the backbone area of the OSPF domain (autonomous system), and all other areas must connect to it.
When an OSPF router connects to two or more different areas, it is called an Area Border Router (ABR).
When an OSPF router connects an area to a non-OSPF domain and it imports routing information from other sources into OSPF, it is called an Autonomous System Boundary Router (ASBR).
OSPF routers build a common database of the status of all links in the area by exchanging link-state advertisements (LSAs). Each router then builds its routing table by running the shortest path first (SPF) algorithm against that database. OSPF uses a path cost value, which is based on link bandwidth, as its routing metric. An ASA can support at most two different OSPF processes.
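The SPF computation described above, worked through as an added example (it is not from the original article). The router names R1 to R3, the links, and the 100 Mbps reference bandwidth used to turn bandwidth into cost are assumptions made for illustration, not the topology used in this demonstration.

```python
import heapq

REFERENCE_BW_MBPS = 100  # assumed reference bandwidth for deriving cost

def link_cost(bandwidth_mbps):
    """Cost is inversely proportional to bandwidth, never below 1."""
    return max(1, REFERENCE_BW_MBPS // bandwidth_mbps)

# Constructed link-state database: (router_a, router_b, bandwidth in Mbps).
# Router names and links are hypothetical, not the article's topology.
LINKS = [
    ("ASA", "R1", 1000),
    ("ASA", "R2", 10),
    ("R1", "R2", 100),
    ("R2", "R3", 100),
    ("R1", "R3", 10),
]

def build_lsdb(links):
    """Every router in the area ends up with this same adjacency map."""
    lsdb = {}
    for a, b, bw in links:
        cost = link_cost(bw)
        lsdb.setdefault(a, {})[b] = cost
        lsdb.setdefault(b, {})[a] = cost
    return lsdb

def spf(lsdb, root):
    """Dijkstra from root; returns {dest: (total_cost, next_hop)}."""
    best = {}
    queue = [(0, root, None)]  # (cost so far, node, first hop from root)
    while queue:
        cost, node, first_hop = heapq.heappop(queue)
        if node in best:
            continue  # already settled at a lower or equal cost
        best[node] = (cost, first_hop)
        for neigh, link in lsdb.get(node, {}).items():
            if neigh not in best:
                hop = neigh if node == root else first_hop
                heapq.heappush(queue, (cost + link, neigh, hop))
    del best[root]  # the root is not a destination in its own table
    return best

if __name__ == "__main__":
    for dest, (cost, hop) in sorted(spf(build_lsdb(LINKS), "ASA").items()):
        print(f"{dest}: cost {cost} via {hop}")
```

With these constructed links, the ASA reaches R2 through R1 rather than over its slow direct link, because the summed cost of the two faster hops is lower.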
In our OSPF demonstration we are going to use the same network topology that we used for the RIPv2 and EIGRP routing protocols. The OSPF network topology is shown below.
ASA OSPF NETWORK TOPOLOGY
In this OSPF demonstration, the ASA Firewall has learned the routes 10.0.10.0/24, 10.0.20.0/24, 10.0.30.0/24, and 10.0.40.0/24 from the MOIGETECH-INSIDE-ROUTER. At the same time, MOIGETECH-INSIDE-ROUTER has learned the routes 172.16.0.0/24, 22.214.171.124/24, and 10.0.0.0/24, as well as the default route 0.0.0.0/0, from the ASA firewall.
OSPF ROUTES ON THE ASA FIREWALL
OSPF ROUTES ON THE INSIDE ROUTER
This marks the end of Routing on the Cisco ASA firewall. What we have covered is just a fraction of what the ASA firewall can do as far as routing is concerned. The ASA can be fine-tuned to meet all your routing needs.