Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA - FWSM OSPF Issues

                   Hi All,,

We are having some issues with OSPF interoperability between a FWSM and ASA 5540.

Both devices are running OSPF - if a network outage occurrs in can take over an hour once the network has recovered for the OPSF neighbour to be established between the devices.

The ASA shows Loading State while the FWSM shows FULL

FWSM running  4.0.7

ASA running 8.2.5

Packet captures revealed problems with Packet Fragmentation of the DBD's during establishment of the neighbour relationship.

The network has now returned to  stable state - however the problem will re occur at some time.

Has anyone had similar issues and resolved them ?

Thanks,

Pete

Everyone's tags (5)
2 REPLIES
Cisco Employee

ASA - FWSM OSPF Issues

Pete,

I would recommend you to open a TAC case and try to have them to replicate the issue and see if it is a known issue. Version of the ASA seems to be OK.

Is the FWSM the only current neigbor that the ASA has, does the FWSM has another neighbor on which it had the same issue?

Mike

Mike
Community Member

ASA - FWSM OSPF Issues

Hi Mike,

Thanks for the reply. One of my colleagues had logged a TAC case recently and the advise was to redesign OSPF networking to reduce size of DBD packets and prevent fragmentation.

I accept this as a valid recommendation - the network does need work but was also looking for real life experiences where people had fixed similar issues.

I am looking at introducing another OSPF area and summarising as many routes as possible. I am also investigating / confirming MTU sizes on switch between ASA and FWSM.  Based on some other research I am wondering whether I can increase MTU on FWSM,ASA and the interconnecting 3750 to alleviate issue.

The ASA has another neighbour with no problems - but very few routes recieved on the other network.

Thanks,

Pete

786
Views
0
Helpful
2
Replies
CreatePlease to create content