02-21-2007 04:45 AM - edited 02-21-2020 01:25 AM
ASA Stops sending OSPF hellos
Dear Support,
Wondering if anyone else has come across this problem. I have two Cisco ASA 5510s, ASA V7.2(1), DM V5.2(1) (in active/passive failover configuration). These are connected to a pair of 3750G-48-EMIs in a stack. OSPF is running on both. The ASAs are redistributing the outside and DMZ interfaces by a defined route-map.
Everything normally works fine, but today I found that the neighbour relationship between the ASAs and 3750s had broken. I tried clearing the OSPF process on both the ASAs and 3750, but this would not resolve the problem. The 3750 would not show the ASAs in the neighbour list, but did have other devices (via a point-to-point link) in FULL state. The ASAs, however, would show the 3750s in INIT/DROTHER state.
Debugs showed that the ASAs were receiving hellos from the 3750s but were not sending any. The 3750s showed they were sending hellos but not receiving any from the ASAs.
To resolve it I had to reboot the ASAs. This is not my preferred solution, as I should not need to do this.
Has anyone else come across this problem, and is there a resolution? Or a bug track id?
Thank you in advance for your assistance.
I always rate helpful replies.
Best regards, Adrian
02-22-2007 04:27 PM
Hello Adrian,
How frequently does this happen? I saw bug ID CSCsd97134 - PIX/ASA ignores OSPF DBDs during adjacency building, but this has been resolved in 7.2(1) as per the release notes... might be some other issue.
Is the ASA in active-standby or active-active mode? With active/active, routing protocols will have issues... Can you post us the configs if possible?
Raj
02-22-2007 04:43 PM
Hi,
Your symptoms seem to indicate you may be affected by this bug. If you are running one of the affected codes then apply the workaround suggested.
CSCsg00914 Bug Details
Headline: OSPF neighbors dont form due to corrupted arp entry
Product: pix-asa
Feature: Unicast Routing
Components:
Duplicate of:
Severity: 3
Status: Verified
First Found-in Version: 7.2(1), 7.0(6)
First Fixed-in Version: 7.2(2), 7.2(1.26), 7.1(2.30), 7.0(6.10), 8.0(0.111)
Release Notes
Symptom:
OSPF neighbors don't form
Conditions:
show ospf neighbors on the ASA running 7.2.1 displays the neighbors in INIT/DROTHER state.
The ASA may be attempting to send OSPF packets to a MAC address other than the intended one, though non broadcast is disabled on the interface.
Workaround:
Clear the arp cache on the asa. If clearing the arp does not work, try adding a static arp entry.
Further Problem Description:
A show arp should list the multicast address on the ASA.
HTH
Sundar
02-22-2007 04:56 PM
Hello Sundar,
You hit the nail right on the head! Surprising to see this through the bug toolkit, but not included in the release notes of 7.2(1)! I thought the release notes were the most authentic info I would ever get :)
Cheers
Raj
02-26-2007 01:24 AM
Hi Sundar,
Many thanks for your assistance; this looks very similar to the problem that happened. I think I found the root cause of the problem: the DC were changing the power to a metered power system that weekend, and it seems the ASAs were booted before the 3750 stack, hence the ARP cache corruption.
Currently, with the ASAs working, I have the following MAC addresses. Which one would you suggest needs to have a static entry?
Inside 192.168.16.3 0018.7317.93fb (the failover asa)
Inside 224.0.0.5 0100.5e00.0005
Inside 192.168.16.1 0019.2f70.8044 (3750 stack).
Inside MAC address 0018.1900.3a3f (the active asa inside address).
Do I need a static arp on the 3750 stack as well, this was sending hellos ok during the problem?
Thanks again for your expert advice.
Best regards, Adrian.
02-26-2007 01:39 PM
Adrian,
The bug workaround suggests adding static ARP for the neighbor device. Add a static ARP entry for the 3750 on your ASA. The bug only applies to ASA and hence, you shouldn't need a static entry on the 3750.
HTH
Sundar
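The bug description in this thread says a healthy `show arp` lists the OSPF multicast address, and Adrian's working output shows 224.0.0.5 mapped to 0100.5e00.0005. The check below is an added example, not part of the original thread or Cisco's material: it audits `show arp` text for multicast entries that deviate from the standard IPv4 multicast MAC mapping and for neighbors whose MAC differs from a pinned value. It assumes each entry has the form `interface ip mac` as quoted in the thread; the `dmz` line in the sample is a constructed corrupted entry.

```python
import re

# Constructed sample modelled on the entries quoted in the thread.
# The last line is a constructed example of a corrupted multicast entry.
SAMPLE_SHOW_ARP = """\
Inside 192.168.16.3 0018.7317.93fb
Inside 224.0.0.5 0100.5e00.0005
Inside 192.168.16.1 0019.2f70.8044
dmz 224.0.0.5 0019.2f70.8044
"""

# Assumed entry layout: interface, IPv4 address, MAC in Cisco dotted form.
ARP_LINE = re.compile(
    r"^\s*(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\b")

def is_multicast(ip):
    return 224 <= int(ip.split(".")[0]) <= 239

def multicast_mac(ip):
    """RFC 1112 mapping: 01-00-5e followed by the low 23 bits of the group."""
    o = [int(x) for x in ip.split(".")]
    raw = "01005e%02x%02x%02x" % (o[1] & 0x7F, o[2], o[3])
    return ".".join(raw[i:i + 4] for i in (0, 4, 8))

def audit_arp(show_arp_text, pinned=None):
    """Return (interface, ip, seen_mac, expected_mac) for each bad entry.

    pinned maps a neighbor IP to the MAC it is expected to have.
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    findings = []
    for line in show_arp_text.splitlines():
        m = ARP_LINE.match(line)
        if not m:
            continue  # header or other non-entry line
        ifc, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        if is_multicast(ip):
            expected = multicast_mac(ip)
        elif ip in pinned:
            expected = pinned[ip]
        else:
            continue  # nothing to compare against
        if mac != expected:
            findings.append((ifc, ip, mac, expected))
    return findings

if __name__ == "__main__":
    for f in audit_arp(SAMPLE_SHOW_ARP, {"192.168.16.1": "0019.2f70.8044"}):
        print("MISMATCH %s %s: seen %s, expected %s" % f)
```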