Cannot establish EIGRP neighbor relationship between ASA and Cisco switch

Answered Question
Jul 8th, 2010

Hello Forum

I am working at a client site today, and the task at hand is to establish a neighbor relationship between our ASA here and a 3750 switch.

It is a unique problem, in that on the Switch we are entering the IP address of the WAN interface of the ASA as a neighbor.  We configure this, but then it does not show up in the configuration.

Here is the configuration from the ASA:

router eigrp 13
no auto-summary
neighbor 192.168.15.2 interface WAN
network 172.27.6.128 255.255.255.240
passive-interface outside
passive-interface DMZ

Here is the configuration from the switch:

router eigrp 13
network 172.27.6.128 0.0.0.15
neighbor 172.27.6.130 GigabitEthernet3/0/15
no auto-summary

When we try to add "neighbor 192.168.15.1 GigabitEthernet3/0/18" to the config, the following happens:

GADMZSWT01(config)#router eigrp 13
GADMZSWT01(config-router)#neighbor 192.168.15.1 g3/0/18
EIGRP: Static nbr 192.168.15.1 already in AS 13 GigabitEthernet3/0/18
GADMZSWT01(config-router)#

I set up a capture on the ASA for port 88 TCP or UDP to see any EIGRP traffic moving, and we did not capture any frames.  We also allowed EIGRP on the ACL on the WAN interface.

Please help

Thanks

Kevin

Correct Answer
Nagaraja Thanthry Thu, 07/08/2010 - 07:05

Hello,

First of all, the firewall does not allow you to communicate with an interface that is not directly connected. So, if the inside switch tries to access the WAN interface (send EIGRP updates to the WAN interface IP), it may not work. Have you tried making the inside interface IP the neighbor? Secondly, I do not think EIGRP supports discontiguous networks, i.e. it cannot establish a neighbor relationship with a device that is not directly connected (barring a few scenarios, of course). Please try making the inside interface itself the neighbor and see if that helps.

Regards,

NT

Kevin Melton Thu, 07/08/2010 - 07:16

Nagaraja

I hit the "answered" button by mistake.

The configuration scenario is as follows:

The WAN interface of the ASA (IP address 192.168.15.1) IS directly connected to the WAN switch (IP address 192.168.15.2).  As I had published in the original post, we are trying to make these two neighbors.

Kevin

Nagaraja Thanthry Thu, 07/08/2010 - 08:04

Hello Kevin,

Have you enabled EIGRP on the corresponding networks? From the outputs, I do not see EIGRP being enabled on the 192.168 subnet. Also, could you do a "show ip eigrp neighbor detail" on the switch?

Regards,

NT
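
The check suggested in the last reply can be automated. The following is an added example, not part of the original thread: it parses the two configurations posted above and lists static neighbors whose address is not covered by any `network` statement on the same device. The function names are hypothetical, and the script assumes a static neighbor should sit inside a subnet on which EIGRP is enabled.

```python
import ipaddress
import re

# Configurations copied from the original post.
ASA_CONFIG = """\
router eigrp 13
no auto-summary
neighbor 192.168.15.2 interface WAN
network 172.27.6.128 255.255.255.240
passive-interface outside
passive-interface DMZ
"""
SWITCH_CONFIG = """\
router eigrp 13
network 172.27.6.128 0.0.0.15
neighbor 172.27.6.130 GigabitEthernet3/0/15
no auto-summary
"""

def parse_networks(config, wildcard):
    """Return the subnets named by 'network' statements.
    wildcard=True for IOS (inverse mask), False for ASA (subnet mask)."""
    nets = []
    for addr, mask in re.findall(r"^\s*network (\S+) (\S+)$", config, re.M):
        if wildcard:
            # Invert the wildcard mask to obtain an ordinary subnet mask.
            inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
            mask = str(ipaddress.IPv4Address(inverted))
        nets.append(ipaddress.ip_network(f"{addr}/{mask}"))
    return nets

def parse_neighbors(config):
    """Return the addresses named by static 'neighbor' statements."""
    found = re.findall(r"^\s*neighbor (\S+) ", config, re.M)
    return [ipaddress.ip_address(a) for a in found]

def uncovered_neighbors(config, wildcard):
    """List static neighbors that no 'network' statement covers."""
    nets = parse_networks(config, wildcard)
    return [str(n) for n in parse_neighbors(config)
            if not any(n in net for net in nets)]

if __name__ == "__main__":
    print("ASA:   ", uncovered_neighbors(ASA_CONFIG, wildcard=False))
    print("Switch:", uncovered_neighbors(SWITCH_CONFIG, wildcard=True))
```
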
