54-3
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 54 Configuring Routing Policies on Firewall Devices
Configuring OSPF
A router that has interfaces in multiple areas is called an Area Border Router (ABR). A router that acts
as a gateway to redistribute traffic between routers using OSPF and routers using other routing protocols
is called an Autonomous System Boundary Router (ASBR).
An ABR uses LSAs to send information about available routes to other OSPF routers. Using ABR type
3 LSA filtering, you can have separate private and public areas with the security appliance acting as an
ABR. Type 3 LSAs (inter-area routes) can be filtered from one area to another. This lets you use NAT and
OSPF together without advertising private networks.
Note: Only type 3 LSAs can be filtered. If you configure the security appliance as an ASBR in a private
network, it will send type 5 LSAs describing private networks, which will be broadcast to the entire
autonomous system (AS) including public areas.
If NAT is employed but OSPF is only running in public areas, routes to public networks can be
redistributed inside the private network, either as default or type 5 AS External LSAs. However, you
need to configure static routes for the private networks protected by the security appliance. Also, you
should not mix public and private networks on the same security appliance interface.
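The following Python model is an added example, not part of the Cisco guide or Security Manager. It shows which LSAs a public area would receive when the appliance filters type 3 LSAs as an ABR, and why redistributed (type 5) routes bypass that filter. The prefixes and filter entries are constructed, and the filter matching is simplified to "the entry covers the prefix".

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (assumptions, not taken from the guide).
PRIVATE_AREA_ROUTES = ["10.1.0.0/16", "10.2.0.0/16", "203.0.113.0/24"]
REDISTRIBUTED = ["10.9.0.0/16"]  # routes the appliance injects as an ASBR
# Ordered (action, prefix) entries: first match wins, implicit deny at the end.
TYPE3_FILTER = [("deny", "10.0.0.0/8"), ("permit", "0.0.0.0/0")]


def filter_allows(prefix, rules):
    """Return True if the ordered filter permits this inter-area prefix."""
    net = ipaddress.ip_network(prefix)
    for action, rule in rules:
        if net.subnet_of(ipaddress.ip_network(rule)):
            return action == "permit"
    return False


def lsas_seen_in_public_area(inter_area, redistributed, rules):
    """List (lsa_type, prefix) pairs that reach the public area."""
    lsas = [(3, p) for p in inter_area if filter_allows(p, rules)]
    # Type 5 AS External LSAs are not subject to type 3 filtering,
    # so every redistributed prefix is flooded to the whole AS.
    lsas += [(5, p) for p in redistributed]
    return lsas


def leaked_private(lsas):
    """Return the LSAs that advertise RFC 1918 space."""
    return [(t, p) for t, p in lsas
            if any(ipaddress.ip_network(p).subnet_of(r) for r in RFC1918)]


if __name__ == "__main__":
    seen = lsas_seen_in_public_area(PRIVATE_AREA_ROUTES, REDISTRIBUTED,
                                    TYPE3_FILTER)
    for lsa_type, prefix in seen:
        print(f"type {lsa_type} LSA: {prefix}")
    for lsa_type, prefix in leaked_private(seen):
        print(f"private network exposed via type {lsa_type} LSA: {prefix}")
```

Running the same check with an empty redistributed list reports no private prefixes, which matches the guidance to use static routes for the private networks rather than redistribution.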
Related Topics
Configuring OSPF, page 54-2
General Tab
Use the General panel on the OSPF page to enable up to two OSPF process instances. Each OSPF
process has its own associated areas and networks.
Note: You cannot enable OSPF if you have RIP enabled.
Navigation Path
You can access the General panel from the OSPF Page; see Configuring OSPF, page 54-2 for more
information.
Related Topics
Area Tab, page 54-6
Range Tab, page 54-8
Neighbors Tab, page 54-10
Redistribution Tab, page 54-11
Virtual Link Tab, page 54-13
Filtering Tab, page 54-15
Summary Address Tab, page 54-17
Interface Tab, page 54-18