Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cannot establish EIGRP neighbor relationship between ASA and Cisco switch

Hello Forum

I am working at a client site today, and the task at hand is to establish a neighbor relationship between our ASA here and a 3750 switch.

It is a unique problem, in that on the Switch we are entering the IP address of the WAN interface of the ASA as a neighbor.  We configure this, but then it does not show up in the configuration.

here is the configuration from the ASA:

router eigrp 13
no auto-summary
neighbor 192.168.15.2 interface WAN
network 172.27.6.128 255.255.255.240
passive-interface outside
passive-interface DMZ

Here is the configuration from the switch:

router eigrp 13
network 172.27.6.128 0.0.0.15
neighbor 172.27.6.130 GigabitEthernet3/0/15
no auto-summary

When we try to add " neighbor 192.168.15.1 GigabitEthernet3/0/18" to the config, the following happens:

GADMZSWT01(config)#router eigrp 13
GADMZSWT01(config-router)#neighbor 192.168.15.1 g3/0/18
EIGRP: Static nbr 192.168.15.1 already in AS 13 GigabitEthernet3/0/18
GADMZSWT01(config-router)#

I set up a capture on the ASA on for port 88 tcp or udp to see any eigrp traffic moving, and we did not capture any frames.  We also allowed EIGRP on the ACL on the WAN interface.

Please help

thanks

Kevin

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Cannot establish EIGRP neighbor relationship between ASA and

Hello,

First of all, the firewall does not allow you to communicate with an interface that is not directly connected. So, if the inside switch tries to access the WAN interface (send eigrp updates to WAN interface IP), it may not work. Have you tried making inside interface IP as the neighbor? Secondly, I do not think EIGRP supports discontiguous networks i.e. it cannot establish neighbor relationship with a device that is not directly connected (barring few scenarios off-course). Please try making inside interface itself as the neighbor and see if that helps.

Regards,

NT

3 REPLIES
Cisco Employee

Re: Cannot establish EIGRP neighbor relationship between ASA and

Hello,

First of all, the firewall does not allow you to communicate with an interface that is not directly connected. So, if the inside switch tries to access the WAN interface (send eigrp updates to WAN interface IP), it may not work. Have you tried making inside interface IP as the neighbor? Secondly, I do not think EIGRP supports discontiguous networks i.e. it cannot establish neighbor relationship with a device that is not directly connected (barring few scenarios off-course). Please try making inside interface itself as the neighbor and see if that helps.

Regards,

NT

New Member

Re: Cannot establish EIGRP neighbor relationship between ASA and

Nagaraja

I hit the "answered" button by mistake.

The configuration scenario is as follows:

The WAN interface of the ASA (IP address 192.168.15.1) IS directly connected to the WAN switch (IP address 192.168.15.2).  As I had published in the original post, we are trying to make these two neighbors.

Kevin

Cisco Employee

Re: Cannot establish EIGRP neighbor relationship between ASA and

Hello Kevin,

Have you enabled EIGRP on the corresponding networks? From the outputs, I do not see EIGRP being enabled on 192.168 subnet. Also, could you do a "show ip eigrp neighbor detail" on the switch?

Regards,

NT

1064
Views
0
Helpful
3
Replies