
EIGRP Adjacency not forming on ASA 5515-X and 1921 Router

Joel Friedman
Level 1

Hi,

I have a router and firewall that work fine. However, I am in the process of upgrading the ASA to 9.2(2) code. When I do the upgrade, the ASA fails to establish the adjacency again with the router. Does anyone have any ideas?

 

Here is the config:

On ASA:
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 1.2.3.4 255.255.255.224
 authentication key eigrp 100 XXXX key-id 1
 authentication mode eigrp 100 md5
!
router eigrp 100
 network 1.2.3.0 255.255.255.224
 network 172.18.1.0 255.255.255.0
 passive-interface default
 no passive-interface outside
 redistribute static route-map Redistribute_VPN

On Router:
!
key chain EIGRP_KEYCHAIN
 key 1
  key-string XXXX
!
interface GigabitEthernet0/1
 ip address 1.2.3.2 255.255.255.224
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP_KEYCHAIN
 ip hold-time eigrp 100 35
 ip flow ingress
 duplex auto
 speed auto
!

router eigrp 100
 distribute-list Distribute-List out
 network 172.18.250.0 0.0.0.255
 network 1.2.3.0 0.0.0.31
 passive-interface default
 no passive-interface Tunnel1
 no passive-interface GigabitEthernet0/1

 

Thank you in advance,

 

Joel Friedman

CCNP,CCSP,CCVP

Network Manager

Ripley Entertainment

 

 


6 Replies

Richard Burts
Hall of Fame

Joel

 

It is not clear to me whether the EIGRP adjacency was working before the code upgrade and stopped working when you did the code upgrade or whether the EIGRP adjacency is something you started after the code upgrade. Can you clarify?

 

Can you post the output of show ip eigrp interface from the router and the equivalent command from the ASA?

 

HTH

 

Rick


Richard,

Thank you for getting back to me. EIGRP is working fine on the 9.1(2) code and the system is in production. Unfortunately, I have to wait until 5:30 AM Eastern tomorrow to try the upgrade again. Here are the commands you requested (while it is up and running on 9.1). The interfaces show up in this command on both router and firewall after the upgrade.

RIP-COLO-FW-01# show eigrp int
EIGRP-IPv4 interfaces for process 100

                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
outside            2        0/0         1       0/1           50           0
Inside2            0        0/0         0       0/1            0           0

RIP-COLO-RTR-01#show ip eigrp int
EIGRP-IPv4 Interfaces for AS(100)
                              Xmit Queue   PeerQ        Mean   Pacing Time   Multicast    Pending
Interface              Peers  Un/Reliable  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Gi0/1                    2        0/0       0/0           1       0/0           50           0

 

Joel

 

Joel

 

Thanks for clarifying that the EIGRP adjacency does work on 9.1 code and has problems after upgrading to 9.2. It certainly sounds like it is a code-based problem. So my first suggestion would be to open a case with Cisco TAC and see what they know about it. If a case with Cisco TAC is not feasible, then I would have a couple of suggestions.

- take a copy of the config that is working with 9.1 and a copy of the config after upgrading to 9.2 and look for changes, especially any changes in the interface or in routing protocol parameters.

- you might try taking out the authentication processing for EIGRP and see if the problem is related to authentication or is about something else.

- you might run debug on router and ASA for EIGRP and see if it shows some error.

 

HTH

 


Rick
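
The first suggestion above, comparing the 9.1 and 9.2 configs with attention to interface and routing-protocol stanzas, can be scripted. This is an added example, not part of the original thread: the function names, the key value `SampleKey1` and the post-upgrade config are constructed for illustration, and keys are replaced by a short hash so the diff can be shared without exposing them.

```python
import hashlib
import re
# Stanzas relevant to an EIGRP adjacency (this selection is an assumption of the example).
HEADER = re.compile(r"^(interface |router eigrp |key chain )")
# Key material: ASA "authentication key eigrp <as> <key>", IOS "key-string <key>".
SECRET = re.compile(r"^(authentication key eigrp \d+ |key-string )(\S+)")

def fingerprint(line: str) -> str:
    """Replace a key with a short SHA-256 tag: a changed key is visible, the key is not."""
    return SECRET.sub(
        lambda m: f"{m[1]}<sha256:{hashlib.sha256(m[2].encode()).hexdigest()[:8]}>", line)

def parse_stanzas(config: str) -> dict:
    """Map each stanza header of interest to the set of its indented sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line.startswith(" "):  # any top-level command closes the previous stanza
            current = line.rstrip() if HEADER.match(line) else None
            if current:
                stanzas.setdefault(current, set())
        elif current:
            stanzas[current].add(fingerprint(line.strip()))
    return stanzas

def diff_stanzas(before: str, after: str) -> dict:
    """Return, per stanza, the sub-commands present on only one side."""
    old, new = parse_stanzas(before), parse_stanzas(after)
    report = {}
    for header in sorted(old.keys() | new.keys()):
        removed = sorted(old.get(header, set()) - new.get(header, set()))
        added = sorted(new.get(header, set()) - old.get(header, set()))
        if removed or added:
            report[header] = {"removed": removed, "added": added}
    return report

# BEFORE: ASA lines from the post, with a constructed key in place of XXXX.
BEFORE = """\
interface GigabitEthernet0/0
 ip address 1.2.3.4 255.255.255.224
 authentication key eigrp 100 SampleKey1 key-id 1
 authentication mode eigrp 100 md5
!
router eigrp 100
 no passive-interface outside
"""
# AFTER: constructed for illustration only; it is not real 9.2(2) output from this thread.
AFTER = BEFORE.replace(" authentication mode eigrp 100 md5\n", "")
```

Calling `diff_stanzas(BEFORE, AFTER)` reports the `authentication mode` line as removed from the interface stanza; an unchanged `router eigrp 100` stanza does not appear in the report.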

This turned out to be an EIGRP Auth error.  I removed all auth and it started working.

Joel

 

That is very interesting. I am glad that you figured out the problem and found a way to resolve it. Thank you for posting back to the forum to let us know that you found the problem and what it was. This may help other readers in the forum who might face a similar problem. 

 

HTH

 

Rick


Hello, you might be hitting bug CSCut26062.
