54-40
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 54 Configuring Routing Policies on Firewall Devices
Configuring RIP
Routing Information Protocol (RIP) is a dynamic routing protocol, or more precisely, an interior gateway
protocol that is based on distance vectors. RIP uses hop count as the metric for path selection. When RIP
is enabled on an interface, the interface exchanges RIP broadcast packets with neighboring devices to
dynamically learn about and advertise routes. These RIP packets contain information about the
destination networks that the gateways can reach, and the number of gateways that a packet must travel
through to reach those destinations.
Cisco Security Manager supports both RIP version 1 and RIP version 2. Version 1 does not send the
subnet mask with the routing update; RIP version 2 sends the subnet mask with the routing update, and
supports variable-length subnet masks. Additionally, RIP version 2 supports neighbor authentication
when routing updates are exchanged. This authentication ensures that the security appliance receives
reliable routing information from a trusted source.
Note: You cannot enable RIP if you have OSPF processes running.
Limitations
RIP has the following limitations:
• Cisco Security Manager cannot pass RIP updates between interfaces.
• RIP Version 1 does not support variable-length subnet masks.
• RIP has a maximum hop count of 15. A route with a hop count greater than 15 is considered unreachable.
• RIP convergence is relatively slow compared to other routing protocols.
RIP Version 2 Notes
The following information applies to RIP Version 2 only:
• If using neighbor authentication, the authentication key and key ID must be the same on all neighbor devices that provide RIP version 2 updates to the interface.
• With RIP version 2, the security appliance transmits and receives default route updates using the multicast address 224.0.0.9. In passive mode, it receives route updates at that address.
• When RIP version 2 is configured on an interface, the multicast address 224.0.0.9 is registered on that interface. When a RIP version 2 configuration is removed from an interface, that multicast address is unregistered.
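The following Python sketch is an added example, not part of the Cisco guide or of Security Manager. It parses a captured RIP update and reports the properties discussed above: missing neighbor authentication, a key ID that differs from the configured one, and routes whose hop count marks them unreachable. The packet layout is taken from RFC 2453 and RFC 2082 rather than from this page; the function names, the sample packets and key ID 7 are constructed for illustration.

```python
import ipaddress
import struct

RIP_INFINITY = 16   # a hop count greater than 15 marks the route unreachable
AFI_AUTH = 0xFFFF   # address-family value that marks an authentication entry
AUTH_TYPES = {2: "plaintext", 3: "keyed-md5"}

def parse_rip(payload):
    """Summarise one RIP datagram: version, authentication scheme, routes."""
    if len(payload) < 24 or (len(payload) - 4) % 20:
        raise ValueError("not a well-formed RIP packet")
    version = payload[1]
    info = {"version": version, "auth": None, "key_id": None, "routes": []}
    for off in range(4, len(payload), 20):
        afi, tag = struct.unpack_from("!HH", payload, off)
        body = payload[off + 4:off + 20]
        if afi == AFI_AUTH:
            if off == 4:                      # only the first entry names the scheme
                info["auth"] = AUTH_TYPES.get(tag, f"type-{tag}")
                # keyed-MD5 body: packet length(2), key ID(1), digest length(1), ...
                info["key_id"] = body[2] if tag == 3 else None
            continue                          # the keyed-MD5 trailer is not a route
        addr, mask, _hop, metric = struct.unpack("!4s4s4sI", body)
        dest = str(ipaddress.IPv4Address(addr))   # RIPv1 carries no subnet mask
        if version == 2:
            dest = str(ipaddress.ip_network(f"{dest}/{ipaddress.IPv4Address(mask)}", strict=False))
        info["routes"].append({"dest": dest, "metric": metric,
                               "reachable": metric < RIP_INFINITY})
    return info

def audit(payload, expected_key_id):
    """Findings worth raising for one received update (empty list = clean)."""
    info, findings = parse_rip(payload), []
    if info["version"] != 2:
        findings.append("RIPv1: no subnet mask, no neighbor authentication")
    elif info["auth"] is None:
        findings.append("RIPv2 update is unauthenticated")
    elif info["auth"] == "keyed-md5" and info["key_id"] != expected_key_id:
        findings.append(f"key ID {info['key_id']} differs from configured {expected_key_id}")
    return findings

# Constructed sample packets (digest bytes zeroed; the digest is not verified here).
def _route(addr, mask, metric):
    packed = [ipaddress.IPv4Address(a).packed for a in (addr, mask)]
    return struct.pack("!HH4s4s4sI", 2, 0, *packed, bytes(4), metric)
_HDR = struct.pack("!BBH", 2, 2, 0)           # command 2 (response), version 2
_ROUTES = _route("10.1.0.0", "255.255.0.0", 3) + _route("192.168.40.0", "255.255.255.192", 16)
SAMPLE_UNAUTH = _HDR + _ROUTES
SAMPLE_MD5 = (_HDR + struct.pack("!HHHBBI8x", AFI_AUTH, 3, 64, 7, 16, 1)
              + _ROUTES + struct.pack("!HH16s", AFI_AUTH, 1, bytes(16)))
```

The audit only inspects the declared scheme and key ID; confirming that the sender actually holds the key requires recomputing the digest with the shared secret, which the receiving device does.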
Using Security Manager to Configure RIP on Security Appliances
Use the RIP page to enable the Routing Information Protocol on an interface. The settings and features
available when configuring RIP depend on the type of device and OS version that you are configuring:
• To configure RIP on a PIX Firewall or ASA running an OS version earlier than 7.2, or on any FWSM, see RIP Page for PIX/ASA 6.3–7.1 and FWSM, page 54-41.
• To configure RIP on a PIX Firewall or ASA running OS version 7.2 or later, see RIP Page for PIX/ASA 7.2 and Later, page 54-42.
Related Topics
• Configuring Static Routes, page 54-48
• Configuring OSPF, page 54-2