Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

EIGRP losing adj

I have a customer with a pretty straight forward setup:
site 1: 
-2821 edge router
-6513 sup720 6548 blades
-ASA 5525x (915) pair
site 2:
-2821 edge router
-4506 sup 6 4648 blades
-ASA 5520 (915) pair
 
Site 1 and site 2 are connected via a one gig dot1q provider link. The 2821 routers have internet connections at the respective sites and announce a /24 to the internet via BGP and recieve a default only.  Same VLAN on the inside connects the ASA to the 4500 and 6513. iBGP mesh is pinned up on a l2 vlan that connects the ASAs outside to the edge routers
 
When I started this project they had the 5520s at site 2 running 822.  They wanted to migrate to a routing protocol, upgrade
to the 25x as the main firewall at site #1 and use the 5520 at site two as a backup on 915
 
Change 1:
-Enabled eigrp and removed all static routes 5520s (822) 4506 and 6513
-Change went fine
-Redistribute static default on the 5520 to the rest inside
 
Change 2:
-implemented 25x (915) at site #1 and powered down 20 
-After this change the  25x would loose adjacentcy to the 4506 during the night time bandwidth seemed way lower 
than during day 
-During the day 7:30am to 10pm the adj was stable and it would only be the 4506 to the ASA
-Logs and debugs indicated lost hellos and dead time expired.  
-Troubleshot this with several TAC engineers and they increased the dead timer to 30 sec on the ASA
-This stablized it (I did not like this fix because we did not find the packet loss)
 
Change 3:
-Implemented Cisco IPS on 25x
-Exact same issue came back
-SSL security event fired when the adj went down destination was a citrix goto assist thing  expresscity.com
-http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=5403&signatureSubId=0&softwareVersion=6.0&releaseVersion=S81
 
Change 4: (customer wanted to push forward against recommendations to fix issue)
-Implement 5520 at site 2
-Implement separate VLANs between ASA 25x and 6513 and 20 and 4506
-Implement EIGRP routing in edge to announce /24 from ASAs to edge routers and announce default back to ASAs
  -Edge router at site 1 looses eigrp to all neis BGP is stable
-Everything else is stable
-IPS was sent to deny the event firing before and it stopped
 
-The only thing I could find was the 25x has a etherchannel with one port in blade 1 and the edge router is plugged into blade 1 and drops in blade 1
Interface Resources
  Interface drops:
    Module    Total drops:    Tx            Rx      Highest drop port:  Tx  Rx
    1                   58078770       4395400                          23   9
    2                          0       1120762                           0  34
    3                          0         41286                           0   2
    5                      28757             0                           7   0
    13                         0           552                           0   5
 
  Interface buffer sizes:
    Module                            Bytes:     Tx buffer           Rx buffer
    5                                               442368               81920
SWOHHODC6513#
 
I am at a total loss here hoping some can shed some light on this one.  I cannot grab ahold of anything since this happens at night when bandwidh is low.  
They have one person in the office doing small file transfers at this time BW and connections is exteremely low
Interface counters show no errors, no auto neg probs or anything like that. 
41
Views
0
Helpful
0
Replies
CreatePlease to create content