cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3375
Views
15
Helpful
23
Replies

[Resolved] EIGRP ASA<->3825 stuck on update.

Eugene Khabarov
Level 7
Level 7

Hi, community. I have strange problem between Cisco ASA 5510 with 8.4.2 and Cisco 3825 with IOS 15.0(1)M7 (same with 12.4(15)T15).

asa# sh eigrp neighbors

EIGRP-IPv4 neighbors for process 1

H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq

                                            (sec)         (ms)       Cnt Num

0   10.27.6.3               Et0/0            14  00:00:14 1    5000  2   66099

As you can see here two routes in the queue always.

Here is debug eigrp packets update:

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 2, RTO 4500 topoid 0

  AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 3, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 4, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 5, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 6, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 7, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 8, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 9, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 10, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 11, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 12, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 13, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 14, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 15, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 16, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Enqueueing UPDATE on Ethernet0/0 nbr 10.27.6.3 topoid 0 iidbQ un/rely 0/1 peerQ un/rely 0/0

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3 topoid 0

  AS 65536, Flags 0x1, Seq 6257/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/1

EIGRP: Enqueueing UPDATE on Ethernet0/0 topoid 0 iidbQ un/rely 0/1 serno 1-1

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/1 peerQ un/rely 0/1

EIGRP: Enqueueing UPDATE on Ethernet0/0 nbr 10.27.6.3 topoid 0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 1-1

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 1, RTO 3000 topoid 0

  AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 2, RTO 4500 topoid 0

  AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 3, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 4, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 5, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 6, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 7, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 8, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 9, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 10, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 11, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 12, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 13, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 14, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 15, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 16, RTO 5000 topoid 0

  AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2

sh EIGRP: Enqueueing UPDATE on Ethernet0/0 nbr 10.27.6.3 topoid 0 iidbQ un/rely 0/1 peerQ un/rely 0/0

EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3

  AS 65536, Flags 0x1, Seq 66099/0 interfaceQ 255/255 iidbQ un/rely 0/1 peerQ un/rely 0/0

EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3 topoid 0

  AS 65536, Flags 0x1, Seq 6259/66099 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/1

EIGRP: Enqueueing UPDATE on Ethernet0/0 topoid 0 iidbQ un/rely 0/1 serno 1-1

EIGRP: Enqueueing UPDATE on Ethernet0/0 nbr 10.27.6.3 topoid 0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 1-1

On the other side (3825) output looks like this:

3825#sh ip eigrp neighbors G0/0.660

EIGRP-IPv4 Neighbors for AS(1)

H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq

                                            (sec)         (ms)       Cnt Num

35  10.27.6.1               Gi0/0.660         11 00:00:25    1  5000  1  0

3825#sh ip eigrp interfaces G0/0.660

EIGRP-IPv4 Interfaces for AS(1)

                        Xmit Queue   Mean   Pacing Time   Multicast    Pending

Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes

Gi0/0.660          1        0/0         0       0/1           50         276

And debug "eigrp packet update" shows this:

t 28 10:15:40.726:   AS 1, Flags 0x0:(NULL), Seq 0/66108 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1

Oct 28 10:15:42.002: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 2, RTO 4500 tid 0

Oct 28 10:15:42.002:   AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1

Oct 28 10:15:46.502: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 3, RTO 5000 tid 0

Oct 28 10:15:46.502:   AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1

Oct 28 10:15:51.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 4, RTO 5000 tid 0

Oct 28 10:15:51.503:   AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1

Oct 28 10:15:56.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 5, RTO 5000 tid 0

Oct 28 10:15:56.503:   AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1

Oct 28 10:16:01.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 6, RTO 5000 tid 0

Oct 28 10:16:01.503:   AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1

Oct 28 10:16:06.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 7, RTO 5000 tid 0

Oct 28 10:16:06.503:   AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1

Oct 28 10:16:11.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 8, RTO 5000 tid 0

Oct 28 10:16:11.503:   AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1

Oct 28 10:16:16.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 9, RTO 5000 tid 0

Oct 28 10:16:16.503:   AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1

Oct 28 10:16:21.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 10, RTO 5000 tid 0

Oct 28 10:16:21.503:   AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 1/0 iidbQ un/rely 0/0 peerQ un/rely 0/1

Oct 28 10:16:26.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 11, RTO 5000 tid 0

Oct 28 10:16:26.503:   AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1

Oct 28 10:16:31.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 12, RTO 5000 tid 0

Oct 28 10:16:31.503:   AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1

Oct 28 21:16:56 KHB: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.27.6.1 (GigabitEthernet0/0.660) is down: Interface PEER-TERMINATION received

Oct 28 21:16:57 KHB: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.27.6.1 (GigabitEthernet0/0.660) is up: new adjacency

Oct 28 21:18:16 KHB: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.27.6.1 (GigabitEthernet0/0.660) is down: Interface PEER-TERMINATION received

Oct 28 21:18:20 KHB: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.27.6.1 (GigabitEthernet0/0.660) is up: new adjacency

From router I can ping ASA:

3825#ping 10.27.6.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.27.6.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

BUT I CAN'T FROM ASA! That's strange because there is no control-plane access-lists.

asa# ping 10.27.6.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.27.6.3, timeout is 2 seconds:

?????

Success rate is 0 percent (0/5)

There is only 3750G switch between them. No kind of VACL or mac address-lists configured on facing ports.

Interesting that I have another pair of 3825-asa with similar configuration plugged into the same switch in another vlan between them and they have no such issue.

Please suggest that to check? How to troubleshoot? Troubleshooting steps?

Another question is regarding debug output on ASA. Why I can see there AS65536 although my AS is 1?

23 Replies 23

Hi,

so ASA never sends unicast messages  to the 3825 but receives them from the router.

From the previous debug  it was trying to send unicast updates but was never receiving acks from the router and the router was sending unicats updates but was never receiving acks from the ASA.

So we can see that the problem is surely on the ASA side which is sending multicast hellos but not unicast updates or acks out its inside interface.

But why are these packets never coming out the interface?

Can you do a detailed capture once again and save it as cap file and send it here.

Regards.

Alain.

Don't forget to rate helpful posts.

Hi! Detailed captures was attached.

Hi,

I don't see it.

Alain.

Don't forget to rate helpful posts.

Look at the first message attachment.

Hi,

ok I saw them

does address of the router appears in arp cache of ASA?

Is all unicast traffic to the router failing in addition to ICMP?

Alain.

Don't forget to rate helpful posts.

Arp cache on ASA shows arp entry for 3825:

inside 10.27.6.3 0024.c415.9b00 1605

I have no ability to check this since asa have no any tools (telnet, ssh) as you probably know.

Hi! Thank you all for replays and help, but the problem was with another strange issue. How it was fixed?

First of all I was confused by packet-tracer output:

asa-02# packet-tracer input inside tcp 10.27.6.1 ssh 10.27.6.3 ssh

Phase: 1

Type: ACCESS-LIST

Subtype:

Result: ALLOW

Config:

Implicit Rule

Additional Information:

MAC Access list

Phase: 2

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in   0.0.0.0         0.0.0.0         outside

Phase: 3

Type: UN-NAT

Subtype: static

Result: ALLOW

Config:

object network RT_02_EXT

nat (any,any) static RT_02_INT

Additional Information:

NAT divert to egress interface outside

Untranslate 10.27.6.3/22 to x.x.x.x/22

Phase: 4

Type: ACCESS-LIST

Subtype:     

Result: DROP

Config:

Implicit Rule

Additional Information:

Result:

input-interface: inside

input-status: up

input-line-status: up

output-interface: outside

output-status: up

output-line-status: up

Action: drop

Drop-reason: (acl-drop) Flow is denied by configured rule

Although packet is not ingress to inside interface ( actually it is generated by ASA), I've noticed that here is some kind of UN-NAT used.

So I begin to investigate my Nat rules and found two duplicated entries:

!

object network RT_02_EXT

nat (any,any) static RT_02_INT

object network RT_02_INT

nat (any,any) static RT_02_EXT

!

As you can see it was some kind of misconfiguration. I've deleted second entry and now connectivity is ok.

Once again behavior of packet-tracer changed (althougth it is not ingress to inside):

asa-02# packet-tracer input inside tcp 10.27.6.1 ssh 10.27.6.3 ssh

Phase: 1

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in   10.27.6.0       255.255.255.0   inside

Phase: 2

Type: ACCESS-LIST

Subtype:

Result: DROP

Config:

Implicit Rule

Additional Information:

Result:

input-interface: inside

input-status: up

input-line-status: up

output-interface: inside

output-status: up

output-line-status: up

Action: drop

Drop-reason: (acl-drop) Flow is denied by configured rule

Conclusion: always take a look at something strange in troubleshooting commands output.

Once again thanks all. Please mark somebody my topic as resolved.

glad to hear that your problem is solved but I still don't get why your ASA was getting AS 65536???  Why was it sendin the BGP AS across

Maximum number of the EIGRP AS is 65535. 65536 as you mentioned can be only 4 byte BGP AS Number, but BGP has no any place here. Seems to me here is cosmetic bug in debug of ASA OS 8.4.2. It displays EIGRP AS 1 as 65536 ( EIGRP AS MAX + 1).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: