Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

PIX ospf problem


I have just upgraded my pix from version 6.3 to 7.0.4 and the ospf is stuck in EXSTART

The pix outside interface is in a lan with my 2 edge router. Here the output from a debug made on a router

Jan 4 09:48:48: OSPF: First DBD and we are not SLAVE

Jan 4 09:48:48: OSPF: Send DBD to x.x.x.161 on GigabitEthernet0/0 seq 0x18BF opt 0x52 flag 0x7 len 32

Jan 4 09:48:48: OSPF: Retransmitting DBD to x.x.x.161 on GigabitEthernet0/0 [11]

Jan 4 09:48:53: OSPF: Rcv DBD from x.x.x.161 on GigabitEthernet0/0 seq 0x1594 opt 0x2 flag 0x7 len 32

mtu 1500 state EXSTART

Was there any change made in pix7 to the ospf ?


Re: PIX ospf problem


Can u check out for the mtu size in all the ethernet interfaces over which you are forming adjacency ?


Re: PIX ospf problem

The mtu on all interface(router and pix) is 1500

Re: PIX ospf problem


These are the possible reasons for the devices getting stucked up in Exstart state..

MTU mismatch

Unicast is broken. In the exstart state, the router sends a unicast packet to the neighbor to elect master and slave.

This is true unless you have a point-to-point link, in which case it sends a multicast packet. These are the possible causes:

Wrong virtual circuit (VC) mapping in an Asynchronous Transfer Mode (ATM) or Frame Relay environment in highly redundant network

MTU problem, meaning the routers can only ping a packet of a certain length

Access list is blocking the unicast packet

NAT is running on the router and is translating the unicast packet

Neighbor between PRI and BRI/dialer

Both routers have the same router ID (mis-configuration)

Unexpected DD Sequence number

"I" bit is set unexpectedly

Option field different from the last option field received in the DBD packet


Neighbor sends unrecognized LSA during exchange process

Neighbor requested an LSA during exchange process that cannot be found

I guess to chek out the lowest ip address to pix and following ips to the routers and make them to become DR/BDR.I feel you can configure up like this and revert back.


CreatePlease to create content