EIGRP Adjancey is not Forming

Unanswered Question
Apr 3rd, 2008

Hi,

I have a topology of Router-->PIXFW-->CoreSW; the setup I have is as follows:

- The router is configured as router-in-stick where f0/0 is holding VLANs 101,102

- The PIX is configured in multiple-context mode where context1 outside holds VLAN 101 an and context2 outside holds VLAN 102. On the other hand, context1 inside holds VLAN 107 and context2 inside holds VLAN 104

- The core sw is connected to the PIX thru trunk link holding VLANs 104 & 107.

EIGRP 10 is configured on both the router and core sw and all the networks on both are advertised thru the EIGRP config, however no adjaceny is forming!

I have the following observations from both the different devices:

1- When adding the network 10.0.0.0 0.255.255.255 command under eigrp 10 inside the router & the core, and when doing sho run, I dont see the wildcard subnetmask next to 10.0.0.0 and I only see network 10.0.0.0 with no mask!!

2- When enabling debug eigrp packets and debug eigrp neighbors on both the router and the core I get the following messages:

07:37:24: EIGRP: Sending HELLO on Vlan104

07:37:24: AS 10, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

3- I dont see any hits in the ACL allowing EIGRP to the multicase address or to the interface IP neither inbound nor outbound!

On the other hand, when adding static routes on both the router and the core they can ping each others!

Any ideas on why EIGRP is not working!

R/ Haitham

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jon Marshall Thu, 04/03/2008 - 15:45

Haitham

There are a couple of things to clarify.

1) Are the contexts running in routed mode or transparent mode.

2) What version of Pix software.

Pix v8.x has EIGRP support but not prior to that.

If the firewalls are in routed mode then EIGRP will not form an adjacency between the Router and the CoreSW because adjacencies are formed between interfaces on the same subnet.

Assuming your firewalls are in routed mode you have a number of choices

1) Upgrade to Pix v8.x for EIGRP support. I haven't used v8.x so i can't promise there still won't be problems.

2) Change to transparent mode and then the Router and CoreSW will be able to form an adjacency.

3) Use a GRE tunnel between the router and the CoreSW.

4) Use static routes.

If the firewalls are already in transparent mode ignore all that and please come back.

Jon

haithamnofal Thu, 04/03/2008 - 16:08

Hi Jon,

I am running PIX ver 7.2 and it is in routed mode.

So, this is the problem; the adjancey b/ the router and the core will not form becasue their interfaces are not in the same subnet! Is this the same with other IGRP like RIP and OSPF?

R/ Haitham

sundar.palaniappan Thu, 04/03/2008 - 17:35

Haitham,

You can't use any of the routing protocols (IGP) to pass routing updates between your core switch and outside router through the PIX operating in routed mode. Jon has clearly outlined the different options available to you to address this problem. If you aren't ready for any major changes on the PIX then GRE tunnel between inside and outside would provide the dynamic routing solution.

HTH

Sundar

Jon Marshall Fri, 04/04/2008 - 00:13

Haitham

I agree with Sundar's choice if you want to run EIGRP.

Pix v7.x does support OSPF but one thing i forgot to mention and one thing that may rule out option 1 is that in multiple context mode you cannot use a dynamic routing protocol on the firewall. Only single context mode allows this.

This may have changed with v8.x so i'll check the release notes when i have a moment.

Jon

Actions

This Discussion