PIX 515e не анонсирует маршруты по OSPF

[Hind-D]

На столе связка 2801 и 515е.

 

Кусок конфига 2801

interface FastEthernet0/0

ip address 192.168.4.5 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip virtual-reassembly

speed auto

full-duplex

no keepalive

!

interface FastEthernet0/1

ip address 10.255.245.161 255.255.255.224

no ip redirects

no ip unreachables

no ip proxy-arp

ip virtual-reassembly

speed auto

full-duplex

no keepalive

!

router ospf 1

router-id 255.255.255.255

log-adjacency-changes

redistribute connected subnets

redistribute static subnets

passive-interface default

no passive-interface FastEthernet0/1

network 10.255.245.160 0.0.0.31 area 5

default-information originate

!

ip forward-protocol nd

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-dgm

ip route 0.0.0.0 0.0.0.0 192.168.4.1

!

!

no ip http server

ip http access-class 7

ip http authentication aaa

no ip http secure-server

.................................

 

конфиг 515е

 

PIX Version 8.0(4)

!

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd UwiM/pkFcM.xYc8s encrypted

names

!

interface Ethernet0

nameif backbone

security-level 0

ip address 10.255.245.166 255.255.255.224

ospf cost 10

ospf priority 0

ospf database-filter all out

!

interface Ethernet1

nameif AKM

security-level 0

ip address 10.255.244.2 255.255.255.248

ospf cost 10

ospf authentication null

!

interface Ethernet2

nameif int

security-level 0

ip address 192.168.5.2 255.255.255.0

ospf cost 10

ospf authentication null

!

interface Ethernet3

nameif Umera60-Kivila1

security-level 0

ip address 10.255.246.241 255.255.255.248

ospf cost 10

ospf authentication null

!

boot system flash:/pix804.bin

ftp mode passive

dns server-group DefaultDNS

domain-name wifilink.ee

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

access-list int_access_in extended permit ip any any

access-list backbone_access_in extended permit ip any any

access-list AKM_access_in extended permit ip any any

access-list Umera60-Kivila1_access_in extended permit ip any any

access-list ospf_route standard permit 10.255.245.160 255.255.255.224

pager lines 24

logging enable

logging asdm informational

mtu backbone 1500

mtu AKM 1500

mtu int 1500

mtu Umera60-Kivila1 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image flash:/asdm-613.bin

no asdm history enable

arp timeout 14400

access-group backbone_access_in in interface backbone

access-group AKM_access_in in interface AKM

access-group int_access_in in interface int

access-group Umera60-Kivila1_access_in in interface Umera60-Kivila1

!

route-map pix permit 10

match ip address ospf_route

!

!

!

router ospf 1

router-id 10.255.245.166

network 10.255.245.160 255.255.255.224 area 5

area 5

no compatible rfc1583

log-adj-changes detail

redistribute connected metric 10 metric-type 1 subnets route-map ospf_route

redistribute static metric 10 metric-type 1 subnets

default-information originate

!

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 0.0.0.0 0.0.0.0 int

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

sysopt noproxyarp backbone

sysopt noproxyarp AKM

sysopt noproxyarp int

sysopt noproxyarp Umera60-Kivila1

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet 0.0.0.0 0.0.0.0 int

telnet timeout 5

ssh timeout 5

console timeout 1

no threat-detection basic-threat

no threat-detection statistics access-list

no threat-detection statistics tcp-intercept

!

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

!

prompt hostname context

Cryptochecksum:9b1270034a5afc41f1a7a563db9924f1

: end

 

Соединены через 5 ареа.

 

пикс рутинги получает прекрастно

O E2 192.168.4.0 255.255.255.0 [110/20] via 10.255.245.161, 0:11:59, backbone

C 192.168.5.0 255.255.255.0 is directly connected, int

C 10.255.245.160 255.255.255.224 is directly connected, backbone

O*E2 0.0.0.0 0.0.0.0 [110/1] via 10.255.245.161, 0:11:59, backbone

 

 

а 2801 - фиг

Gateway of last resort is 192.168.4.1 to network 0.0.0.0

 

C 192.168.4.0/24 is directly connected, FastEthernet0/0

10.0.0.0/27 is subnetted, 1 subnets

C 10.255.245.160 is directly connected, FastEthernet0/1

S* 0.0.0.0/0 [1/0] via 192.168.4.1

 

 

ЧЯДН ?

 

Заранее благодарен