Hey Jon,

when I tried to do that on my ASA it says this

fw-miss-dr-can-asa5520-01(config-router)# network 192.168.0.193 0.0.0.63
% EIGRP: Invalid mask (discontiguous)

b.rockburn wrote:
Hey Jon,
when I tried to do that on my ASA it says this
fw-miss-dr-can-asa5520-01(config-router)# network 192.168.0.193 0.0.0.63
% EIGRP: Invalid mask (discontiguous)

Brent

Try "network 192.168.0.192 0.0.0.63"

Jon

fw-miss-dr-can-asa5520-01(config-router)# network 192.168.0.192 0.0.0.63
% EIGRP: Invalid mask (discontiguous)

when I do network 192.168.0.193 255.255.255.192 it takes it and yes changes it to 192.168.0.192 255.255.255.192

Brent

Just checked the ASA config guide and it looks like the ASA does use normal subnet masks and not inverse masks so please ignore me

Jon

Hi Brent

As per my understanding, you have connected ASA directly to 6509.

And Currently you have Inside, DMZ  & Outside Network.

Can you please share the topology, so that can help us to know the network & issue?

You have connected ASA directly to 6509 & you are trying to run both DMZ & Inside Network on single cable. (Physical Cabling & Single Interface in ASA)

So you should configure ASA with VLAN (Sub -interface). One Will be DMZ layer 3 interface & One will be Inside Layer 3 Interface.(Below is Example )

ASA Configuration

interface GigabitEthernet0/0

description ***** Connected to 6509-I *****

no nameif

no security-level

no ip address

Outside Network

!

interface GigabitEthernet0/0.2

description ***** Connected to 6509-I - Server VLAN *****

vlan 2

nameif DMZ-Zone

security-level 50

ip address x.x.x.x x.x.x.x standby x.x.x.x

!

Inside Network

interface GigabitEthernet0/0.2

description ***** Connected to 6509-I Inside VLAN ****

vlan 140

nameif INSIDE-Zone

security-level 100

ip address x.x.x.x x.x.x.x standby x.x.x.x

6509 Switch Configuration

interface GigabitEthernet1/1

description ***** Connected To ASA-I *****

switchport trunk encapsulation dot1q

switchport mode trunk

In ASA you will use two physical interface one for Outside & One for Inside & DMZ ( Using Sub-Interface)

And the important thing is that the cable from ASA to 6509 should be trunk to pass multiple VLAN. (in 6509 you should configure trunk)

If your senario is else , Please let us know.

Regards

chetan Kumar

yes that portion of the configuration I have down there is no problem there.

The problem appears to be with EIGRP and the ASA, I'm not sure how the two should interact.

Hi Brent

Please refer the attach diagram .

The below config is for DMZ network. The Gateway for Server is ASA any request from server will come directly to ASA (to below interface ). Because we had configured trunk in 6509 and in 6509 we had configured Server VLAN (L2 VLAN) and all server ports as associated to Server VLAN .Trunk will pass this Server VLAN traffic to ASA and then ASA will reply to those Server.

interface GigabitEthernet0/0.2

description ***** Connected to 6509-I - Server VLAN *****

vlan 2

nameif DMZ-Zone

security-level 50

ip address X.X.X.X X.X.X.X standby X.X.X.X

And here you can see, this is management interface to communicate between ASA & 6509 were routing will be done to pass 6509 route to ASA. We had configured ASA with sub- Interface i.e VLAN 10 and assign ip address 1.1.1.1 & In switch we create layer 3 interface name as VLAN10 & assign IP add 1.1.1.2 . Switch ports is configured as trunk & trunk will pass request to ASA (VLAN 10 Traffic). So you can see that trunk will pass both VLAN information to ASA , So in same way it will communicated vice versa.

interface GigabitEthernet0/0.10

description ***** Connected to 6509-I Inside zone ****

vlan 10

nameif INSIDE-Zone

security-level 100

ip address 1.1.1.1 255.255.255.0

Switch configuration 

interface vlan 10

ip add 1.1.1.2 255.255.255.0

interface GigabitEthernet1/1

description ***** Connected To ASA *****

switchport trunk encapsulation dot1q

switchport mode trunk

Regards

Chetan Kumar

I had same problem in ASA8.6, but resolved.

Kindly find the EIGRP specific configuration

Interface configuration

!

interface GigabitEthernet0/0

description Links to WAN Router

nameif OUTSIDE

security-level 50

ip address 10.1.1.4 255.255.255.192 standby 10.1.1.5

summary-address eigrp 100 10.1.0.0 255.255.0.0 1

!

Eigrp Protocol Confiuration

access-list eigrpACL_FR standard permit any

!

router eigrp 100

distribute-list eigrpACL_FR in interface OUTSIDE

neighbor 10.1.1.3 interface OUTSIDE

neighbor 10.1.1.2 interface OUTSIDE

network 10.1.1.0 255.255.255.192

redistribute connected

redistribute static

!

Regards,

Bhanu.

Note :If it resolves your problem flag it as Resolved.

I had same problem in ASA8.6, but resolved.

Kindly find the EIGRP specific configuration

Interface configuration

!

interface GigabitEthernet0/0

description Links to WAN Router

nameif OUTSIDE

security-level 50

ip address 10.1.1.4 255.255.255.192 standby 10.1.1.5

summary-address eigrp 100 10.1.0.0 255.255.0.0 1

!

Eigrp Protocol Confiuration

access-list eigrpACL_FR standard permit any

!

router eigrp 100

distribute-list eigrpACL_FR in interface OUTSIDE

neighbor 10.1.1.2 interface OUTSIDE

network 10.1.1.0 255.255.255.192

redistribute connected

redistribute static

!

Regards,

Bhanu.

Note : If it resolves youe issue , flag it as Resolved.