Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Concentrator 3000 use ospf with md5 authentication failed

Hi All,

I just tested ospf with a VPN 3005 connected with a cisco router using ospf md5 authentication but fail. In cisco router, I can see ospf neighbor status is "INIT", but can not see any log in VPN 3005, physical connection is good, ping can be reached each other. I have tried both " ip ospf authentication message-digest & ip ospf authentication-key" command and " ip ospf message-digest-key" command in the router, the password is the same in both side and the md5 id has been set. But when I use simple authentication or disable authentication the neighbor relation can up. Any body met this case before? Thank you!

Best Regards

Teru Lei

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: VPN Concentrator 3000 use ospf with md5 authentication faile

Hi,

It's a knowns bug, I have also met with this previously: CSCef38044

It is not possible to build up OSPF using MD5 hash neighborship with newer IOS versions, on which LLS capability is enabled. LLS capa is enabled somewhere from 12.2T. This behaviour can be found on CVPN from 4.1.5 and above including 4.7 also.

I tested it with several IOS and CVPN OS - same result.The sympthom: router ospf neighborship stays in INIT/DROTHER state.

Solution is to configure the router:

router ospf 1

no capability lls

This will solve your problem.

Attila Suba

2 REPLIES
New Member

Re: VPN Concentrator 3000 use ospf with md5 authentication faile

Hi,

It's a knowns bug, I have also met with this previously: CSCef38044

It is not possible to build up OSPF using MD5 hash neighborship with newer IOS versions, on which LLS capability is enabled. LLS capa is enabled somewhere from 12.2T. This behaviour can be found on CVPN from 4.1.5 and above including 4.7 also.

I tested it with several IOS and CVPN OS - same result.The sympthom: router ospf neighborship stays in INIT/DROTHER state.

Solution is to configure the router:

router ospf 1

no capability lls

This will solve your problem.

Attila Suba

New Member

Re: VPN Concentrator 3000 use ospf with md5 authentication faile

Hi Suba,

Thank you very much!!!

Best Regards

Teru Lei

137
Views
5
Helpful
2
Replies
CreatePlease login to create content