New Member

Ospf neighborship in different subnet

Hi Friends,

OSPF neighborship is not coming up. Please help.

sh ospf neighbor


Neighbor ID     Pri   State           Dead Time   Address         Interface
            N/A   0   DOWN/  -           -         10.224.16.122   outside

Firewall 1

interface Ethernet0/0
nameif outside
security-level 0
ip address 10.224.16.122 255.255.255.248 standby 10.224.16.123
ospf network point-to-point non-broadcast

router ospf 1
network 10.224.16.120 255.255.255.248 area 0
network 10.224.131.104 255.255.255.248 area 0
neighbor 10.224.131.106 interface outside
log-adj-changes

route outside 10.224.131.104 255.255.255.248 10.224.16.122 1
route outside 10.224.131.106 255.255.255.255 10.224.16.122 1

Firewall 2

interface Ethernet0/0
nameif outside
security-level 0
ip address 10.224.131.106 255.255.255.248 standby 10.224.131.107
ospf network point-to-point non-broadcast

router ospf 1
network 10.224.16.120 255.255.255.248 area 0
network 10.224.131.104 255.255.255.248 area 0
network 203.132.216.0 255.255.255.0 area 0
neighbor 10.224.16.122 interface outside
log-adj-changes

route outside 10.224.16.120 255.255.255.248 10.224.131.106 1
route outside 10.224.16.122 255.255.255.255 10.224.131.106 1

6 REPLIES

Re: Ospf neighborship in different subnet

Hi ,

The adjacency will not come up. The TTL of the OSPF packet is 1.

Dan

Hall of Fame Super Silver

Re: Ospf neighborship in different subnet

Hello Amitak,

adjacency = to be in the SAME IP subnet

you cannot achieve OSPF neighborship over different IP subnets

this is by protocol design.

Every internal Gateway Protocol including RIP, RIPv2, EIGRP, OSPF requires this.

you need to enable OSPF also on device(s) in the middle

Hope to help

Giuseppe
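
Added example, not part of any reply in this thread: a Python check of the two posted firewall configurations that reports each static OSPF neighbor lying outside the local interface subnet (the case the replies above say cannot form an adjacency directly) and each static route whose next hop is the unit's own interface address. The `parse` and `check` helpers and the finding labels are hypothetical names; the config lines are copied from the question as constructed input.

```python
import ipaddress

# Constructed input: interface, neighbor and route lines copied from the
# two firewall configurations posted in the question.
FW1 = """
nameif outside
ip address 10.224.16.122 255.255.255.248 standby 10.224.16.123
neighbor 10.224.131.106 interface outside
route outside 10.224.131.104 255.255.255.248 10.224.16.122 1
route outside 10.224.131.106 255.255.255.255 10.224.16.122 1
"""
FW2 = """
nameif outside
ip address 10.224.131.106 255.255.255.248 standby 10.224.131.107
neighbor 10.224.16.122 interface outside
route outside 10.224.16.120 255.255.255.248 10.224.131.106 1
route outside 10.224.16.122 255.255.255.255 10.224.131.106 1
"""

def parse(cfg):
    """Collect interface addresses, static OSPF neighbors and static routes."""
    ifaces, nbrs, routes, name = {}, [], [], None
    for t in (line.split() for line in cfg.splitlines()):
        if t[:1] == ["nameif"]:
            name = t[1]
        elif t[:2] == ["ip", "address"] and name:
            ifaces[name] = ipaddress.ip_interface(f"{t[2]}/{t[3]}")
        elif t[:1] == ["neighbor"] and t[2:3] == ["interface"]:
            nbrs.append((ipaddress.ip_address(t[1]), t[3]))
        elif t[:1] == ["route"] and len(t) >= 5:
            routes.append((t[1], ipaddress.ip_network(f"{t[2]}/{t[3]}"),
                           ipaddress.ip_address(t[4])))
    return ifaces, nbrs, routes

def check(cfg):
    """Return (kind, subject, detail) findings for one device."""
    ifaces, nbrs, routes = parse(cfg)
    findings = []
    for nbr, ifname in nbrs:
        net = ifaces[ifname].network
        if nbr not in net:  # the OSPF packet would have to cross a routed hop
            findings.append(("off-link-neighbor", str(nbr), str(net)))
    for ifname, dest, hop in routes:
        if ifname in ifaces and hop == ifaces[ifname].ip:
            findings.append(("self-next-hop", str(dest), str(hop)))
    return findings

if __name__ == "__main__":
    for label, cfg in (("Firewall 1", FW1), ("Firewall 2", FW2)):
        for finding in check(cfg):
            print(label, *finding)
```

An `off-link-neighbor` finding means the adjacency can only form if something carries the OSPF packets to the peer, such as the GRE or IPsec tunnels discussed in the later replies.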

New Member

Re: Ospf neighborship in different subnet

Hi,

Thanks for your reply.

I was referring to the document

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804acfea.shtml . The OSPF neighborship is being achieved with different IP segments over VPN. I have a similar requirement and have done the crypto configuration too.

Can you please suggest?

Hall of Fame Super Silver

Re: Ospf neighborship in different subnet

Hello Amitak,

I would suggest to use point to point GRE tunnels defined on the two routers.

the devices performing IPSec will encrypt traffic of the GRE tunnels

This is a well known configuration that can work

the ACL for the crypto map will have a line like

access-list 111 permit gre host A.B.C.D host E.F.G.H

on one side

access-list 111 permit gre host E.F.G.H host A.B.C.D

(mirrored ACLs)

the tunnel interface on R1 will be something like

interface tunnel12

ip address 10.10.100.1 255.255.255.252

tunnel source A.B.C.D

tunnel destination E.F.G.H

on other device R2:

interface tunnel12

ip address 10.10.100.2 255.255.255.252

tunnel source E.F.G.H

tunnel destination A.B.C.D

in this way you can run OSPF over the common IP subnet 10.10.100.0/30

router ospf

network 10.10.100.0 0.0.0.3 area 0

Note:

devices in the middle must be able to route traffic towards addresses used by IPSec endpoints.

Hope to help

Giuseppe

New Member

Re: Ospf neighborship in different subnet

This is quite helpful. But the device I am using is a Cisco ASA and it's not supporting GRE tunnels. Your guidance would be of great help.

Cisco Employee

Re: Ospf neighborship in different subnet

If the ASA is the middle device, you can use GRE passthrough. If the ASA is actually doing OSPF, you can set up an IPsec tunnel and add the remote device as a unicast neighbor, using the neighbor command in the OSPF configuration. This can also be done in ASDM.

You will find an example here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804acfea.shtml
