OSPF issue on ASA

Sep 24th, 2008

First off, I don't have the config and won't have the config until I get home tonight, but I'm throwing this out there for anyone that may have seen this in the past.


I have an 871W router connected to my ISP's cable modem. I have an ASA 5505 connected to the 871W, and all of my hosts are behind it. I've configured OSPF on the 871W in area 0 and I've configured the ASA in area 0 also. NAT'ing is turned off on the ASA.


I've got another 871 router that hangs off of the 871W, and it's running OSPF also.


871:


public: 192.168.2.2

private: 10.30.0.1


router ospf 100

network 10.30.0.0 0.0.0.255 area 0

network 192.168.2.0 0.0.0.255 area 0


Specs:


871W:

public int - dhcp

private int - 10.1.1.1

vlan - 192.168.2.1


router ospf 100

network 10.1.1.0 0.0.0.255 area 0

network 192.168.2.0 0.0.0.255 area 0


ASA:

public: 10.1.1.2

private: 10.20.0.1


no global statement

nat (inside) 0 0.0.0.0 0.0.0.0


router ospf 100

network 10.20.0.0 0.0.0.255 area 0


access-list TEST permit ip 10.1.1.0 any

access-list TEST permit ospf 10.1.1.0 any

access-group TEST in inter outside



I don't get any of the routes on the ASA for the 192.168.2.0 network at all, and there are no routes other than my connected routes on the ASA. I don't get hits on any of the lines in my access list either.


On the other two routers, there is an OSPF adjacency with no problems, and they show all of the correct routes.


I've done a debug ospf adj on the ASA, and I get nothing.


I know this isn't the optimal way for me to throw this question out there, but I figured I'd give it a shot. This is a home lab which is why I can't get to it until tonight.


Thanks!!


John

u0087672js Wed, 09/24/2008 - 10:31

It may be trying to form a neighbor adj. with your other route and using the 192.168.2.0 address. Try adding an ACL entry to allow OSPF from that address.

John Blakley Wed, 09/24/2008 - 10:36

I tried to change the acl at one point to:


permit ospf any any (didn't know if IP would cover it)

permit ip any any


and I STILL didn't get hits on the ospf line, but I had a ton of errors with the adjacency. The error was something like:


Received OSPF packet from unknown neighbor (192.168.2.2) in area 192.168.2.0


I originally had 2 areas: 0 and 192.168.2.0


router - router : areas 0 and 192.168.2.0


router - ASA : area 0


The ASA was seeing traffic from the 192.168.2.0 network for some reason. I'm just trying to learn the way OSPF works with multiple areas too.


Thanks!

John

u0087672js Wed, 09/24/2008 - 10:41

Try manually adding the neighbor by doing the following.


router(config-router)# neighbor 192.168.2.2


John Blakley Wed, 09/24/2008 - 10:44

I do this on the ASA?


I guess my next question would be why would the ASA see the traffic from a different area? Is it because I had area 0 on the ASA, and area 0 knows about all routes, but if that was the case, why was the router on the other end trying to make the adjacency?


I'm going to try to do a topology in-line:


ASA (area 0) - Rtr1 (area 0, 192.168.2.0) - rtr2 (area 0, 192.168.2.0)


That's the way the config is, and I was going to add two more routers behind the rtr2 network and run eigrp on those.


Thanks!

John

u0087672js Wed, 09/24/2008 - 10:48

They are not in different areas according to your config. They are all in area 0.

John Blakley Wed, 09/24/2008 - 10:49

On my new (current) config, yes, I've removed the 192.168.2.0 area. On my original, I tried to separate them, but apparently I didn't do something right.

Giuseppe Larosa Wed, 09/24/2008 - 11:26

Hello John,


On the ASA, add:


router ospf 100

network 10.1.1.0 0.0.0.255 area 0


Reason:

For building an OSPF adj, two routers must run OSPF on the common subnet, and it looks like this subnet is 10.1.1.0/24.


Or the net 10.30.0.0 is wrong on the first 871.


Hope this helps

Giuseppe
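
The common-subnet rule from the last reply can be checked offline against the addresses posted in the thread. The following is an added example, not part of any post in the discussion: it models each device's interfaces and `network` statements and reports which pairs can form an adjacency. The /24 interface masks and the dictionary layout are assumptions, and the `network` statements are modelled as the address/wildcard pairs written in the thread.

```python
import ipaddress

# Topology transcribed from the thread; /24 masks are assumed (the posts give none).
DEVICES = {
    "871": {
        "interfaces": {"public": "192.168.2.2/24", "private": "10.30.0.1/24"},
        "networks": [("10.30.0.0", "0.0.0.255", "0"), ("192.168.2.0", "0.0.0.255", "0")],
    },
    "871W": {
        "interfaces": {"private": "10.1.1.1/24", "vlan": "192.168.2.1/24"},
        "networks": [("10.1.1.0", "0.0.0.255", "0"), ("192.168.2.0", "0.0.0.255", "0")],
    },
    "ASA": {
        "interfaces": {"public": "10.1.1.2/24", "private": "10.20.0.1/24"},
        "networks": [("10.20.0.0", "0.0.0.255", "0")],
    },
}


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit the wildcard mask leaves at 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def ospf_interfaces(device):
    """Map (subnet, area) -> interface name for interfaces a network statement covers."""
    enabled = {}
    for name, cidr in device["interfaces"].items():
        iface = ipaddress.ip_interface(cidr)
        for base, wildcard, area in device["networks"]:
            if wildcard_match(str(iface.ip), base, wildcard):
                enabled[(iface.network, area)] = name
                break  # the first matching statement decides the area
    return enabled


def possible_adjacencies(devices):
    """Device pairs that both run OSPF on the same subnet in the same area."""
    enabled = {name: ospf_interfaces(dev) for name, dev in devices.items()}
    names = sorted(devices)
    return [(a, b, str(subnet))
            for i, a in enumerate(names) for b in names[i + 1:]
            for (subnet, area) in enabled[a] if (subnet, area) in enabled[b]]
```

With the configuration as posted, only the two routers share an OSPF-enabled subnet; adding the 10.1.1.0 statement to the ASA entry makes the 871W/ASA pair appear.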


