Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505 Enabling RIP Authentication

28-11

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter28 Configuring RIP

Customizing RIP

•Internal, in which routes internal to the AS are redistributed.

•External 1, in which Type 1 routes external to the AS are redistributed.

•External 2, in which Type 2 routes external to the AS are redistributed.

•NSSA External 1, in which Type 1 routes external to an NSSA are redistributed.

•NSSA External 2, in which Type 2 routes external to an NSSA are redistributed.

Step7 Click OK.

Enabling RIP Authentication

Note The ASA supports RIP message authentication for RIP Version 2 messages.

RIP route authentication provides MD5 authentication of routing updates from the RIP routing protocol.

The MD5 keyed digest in each RIP packet prevents the introduction of unauthorized or false routing

messages from unapproved sources.

RIP route authentication is configured on a per-interface basis. All RIP neighbors on interfaces

configured for RIP message authentication must be configured with the same authentication mode and

key for adjacencies to be established.

Note Before you can enable RIP route authentication, you must enable RIP.

To enable RIP authentication on an interface, perform the following steps:

Step1 In the main ASDM window, choose Configuration > Device Setup > Routing > RIP > Setup.

Step2 Check the Enable RIP routing check box, and click Apply. If you uncheck this check box, the ASA

sends RIP Version 1 updates and accepts RIP Version 1 and Version 2 updates. You can override this

setting on a per-interface basis in the Interface pane. Version 1 specifies that the ASA only sends and

receives RIP Version 1 updates. Any Version 2 updates received are dropped. Version 2 specifies that the

ASA only sends and receives RIP Version 2 updates. Any Version 1 updates received are dropped.

Step3 Choose Configuration > Device Setup > Routing > RIP > Interface.

Step4 Click Edit.

The Edit RIP Interface Entry dialog box appears, which allows you to configure the interface-specific

RIP settings.

Step5 In the Authentication area, check the Enable Authentication check box to enable RIP authentication.

Uncheck this check box to disable RIP authentication.

Step6 In the Key field, enter the key used by the authentication method. This entry can include up to 16

characters.

Step7 In the Key ID field, enter the key ID. Valid values range from 0 to 255.

Step8 Choose the type of authentication mode that you want to use by clicking the radio button next to one of

the following:

•MD5 to use MD5 for RIP message authentication.

Cisco Systems Enabling RIP Authentication