We are having issues getting OSPF up between a Nokia and a Cisco 3750. Basically stuck in EXSTART mode (see attachment).
NOKIA Interface is a Logical Interface (vlan) and OSPF MTU is 1500 same as on Cisco 3750.Firewall rule created to allow OSPF and multicast etc.
Any ideas ?
Thanks in advance.
What type of firewall do you have? Can you allow, for testing, all traffic (not just ospf and multicast) from the 10.0.0.1 to 10.0.0.2?
Can you try configuring "no capability lls" under the ospf process. I have seen this as an issue with Nokia interoperability in the past. The Nokia should just ignore the lls information but it doesn't in certain level of code.
Just for your information LLS is used for graceful restart and is defined by RFC4813.
from the log you have provided we see:
Jul 9 07:49:29.089: OSPF: Retransmitting DBD to 10.0.0.1 on vlan222 
Jul 9 07:49:29.106: OSPF: Rcv DBD from 10.0.0.1 on vlan222 seq 0x4A559AE1 opt 0x2 flag 0x7 len 32 mtu 1500 state EXSTART
Jul 9 07:49:29.106: OSPF: First DBD and we are not SLAVE
it looks like the C3750 is disappointed of receiving a DBD from other side when it thinks to be the master in the exstart communication.
It is the master that should start to talk according to RFC2328 it looks like they don't agree on master role.
Hope to help
Thanks for the reply - it may well be an Ospf compatability issue. Found the following for our version of IPSO 4.2
Table 33 Global Settings for OSPF Parameter Description
RFC1583 Compatibility This implementation of OSPF is based on RFC2178, which fixed some looping problems in an earlier specification of OSPF. If your implementation is running in an environment with OSPF implementations based on RFC1583 or earlier, enable RFC 1583 compatibility to ensure backwards compatibility.
We did try with RFC1583 compatabilty set on both ASA and Nokia with same results.
Update - Issue now resolved.
Network capture indicated OSPF DBD packets were being delivered to the firewall interface, but no indication of this in the FW logs.
A FW stealth rule was silently dropping (& not logging) OSPF DBD packets directed to FW interface. OSPF rules moved to before stealth rule and all now working.
you have been kind to provide the happy end of this story.
This makes this thread complete and useful.
You can detect this problem using these methods:
1- Run tcpdump on the Nokia and look for proto 69.
2- run checkpoint "fw monitor" and you can see if the packet being dropped.