Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1345
Views
0
Helpful
3
Replies

Cannot establish EIGRP neighbor relationship between ASA and Cisco switch

Go to solution
Kevin Melton
Level 2
Level 2

‎07-08-2010 06:43 AM - edited ‎03-06-2019 11:57 AM

Hello Forum

I am working at a client site today, and the task at hand is to establish a neighbor relationship between our ASA here and a 3750 switch.

It is a unique problem, in that on the Switch we are entering the IP address of the WAN interface of the ASA as a neighbor.  We configure this, but then it does not show up in the configuration.

here is the configuration from the ASA:

router eigrp 13
no auto-summary
neighbor 192.168.15.2 interface WAN
network 172.27.6.128 255.255.255.240
passive-interface outside
passive-interface DMZ

Here is the configuration from the switch:

router eigrp 13
network 172.27.6.128 0.0.0.15
neighbor 172.27.6.130 GigabitEthernet3/0/15
no auto-summary

When we try to add " neighbor 192.168.15.1 GigabitEthernet3/0/18" to the config, the following happens:

GADMZSWT01(config)#router eigrp 13
GADMZSWT01(config-router)#neighbor 192.168.15.1 g3/0/18
EIGRP: Static nbr 192.168.15.1 already in AS 13 GigabitEthernet3/0/18
GADMZSWT01(config-router)#

I set up a capture on the ASA on for port 88 tcp or udp to see any eigrp traffic moving, and we did not capture any frames.  We also allowed EIGRP on the ACL on the WAN interface.

Please help

thanks

Kevin

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee

‎07-08-2010 07:05 AM

Hello,

First of all, the firewall does not allow you to communicate with an interface that is not directly connected. So, if the inside switch tries to access the WAN interface (send eigrp updates to WAN interface IP), it may not work. Have you tried making inside interface IP as the neighbor? Secondly, I do not think EIGRP supports discontiguous networks i.e. it cannot establish neighbor relationship with a device that is not directly connected (barring few scenarios off-course). Please try making inside interface itself as the neighbor and see if that helps.

Regards,

NT

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee

‎07-08-2010 07:05 AM

Hello,

First of all, the firewall does not allow you to communicate with an interface that is not directly connected. So, if the inside switch tries to access the WAN interface (send eigrp updates to WAN interface IP), it may not work. Have you tried making inside interface IP as the neighbor? Secondly, I do not think EIGRP supports discontiguous networks i.e. it cannot establish neighbor relationship with a device that is not directly connected (barring few scenarios off-course). Please try making inside interface itself as the neighbor and see if that helps.

Regards,

NT

0 Helpful

Go to solution
Kevin Melton
Level 2
Level 2
In response to Nagaraja Thanthry

‎07-08-2010 07:16 AM

Nagaraja

I hit the "answered" button by mistake.

The configuration scenario is as follows:

The WAN interface of the ASA (IP address 192.168.15.1) IS directly connected to the WAN switch (IP address 192.168.15.2).  As I had published in the original post, we are trying to make these two neighbors.

Kevin

0 Helpful

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to Kevin Melton

‎07-08-2010 08:04 AM

Hello Kevin,

Have you enabled EIGRP on the corresponding networks? From the outputs, I do not see EIGRP being enabled on 192.168 subnet. Also, could you do a "show ip eigrp neighbor detail" on the switch?

Regards,

NT

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card