OSPF on ASA outside

From: Muhammad Nasim (muhammad.nasim@gmail.com)
Date: Tue Apr 29 2008 - 00:29:36 ART


Dear All,

I have an issue with OSPF and need your help.

To make it simple:

I have one router on the outside of the ASA. My router is on Dynamips and my ASA
is a physical box. I can ping from R1 to the ASA and vice versa with no issues, but R1
is not getting any OSPF packets from the ASA. I don't know WHY, but the ASA is getting
OSPF packets from R1.

ASA(config)# show ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
11.11.11.11       1   INIT/DROTHER    0:00:30     192.1.12.1      outside
20.20.20.20       1   FULL/DR         0:00:31     10.55.55.20     DMZ

*(I made the scenario short for troubleshooting purposes; otherwise I have 3
routers on the outside of the ASA and a VPN-CONC on the DMZ. The routers are on
Dynamips, which then trunk to a 3550 switch, which is then connected to the ASA and
the VPN.)*

Following are my configs

ASA
---------------------------------------------------------
PIX Version 7.2(2)
!
hostname ASA
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 192.1.12.10 255.255.255.0
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.22.22.10 255.255.255.0
!
interface Ethernet2
 nameif DMZ
 security-level 50
 ip address 10.55.55.10 255.255.255.0
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list outside-in extended permit ospf any any
access-list outside-in extended deny ip any any log
pager lines 24
logging console debugging
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group outside-in in interface outside
route inside 33.0.0.0 255.0.0.0 10.22.22.3 1
!
router ospf 1
 network 0.0.0.0 0.0.0.0 area 0
 router-id 1.1.1.1
 log-adj-changes
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat
0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect
0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:b6dfa3559a469ad393ed243fb22b8bd4
: end

*R1-CONFIG*
-----------------------------------------------------------------------------------------------------------

Current configuration : 1611 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 11.11.11.11 255.0.0.0
 no clns route-cache
!
interface Loopback10
 ip address 10.1.1.1 255.255.255.0
 no clns route-cache
!
interface Loopback13
 ip address 10.13.13.1 255.255.255.0
 no clns route-cache
!
interface Ethernet0/0
 ip address 192.1.12.1 255.255.255.0
  full-duplex
 no clns route-cache
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
 no clns route-cache
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
 no clns route-cache
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
 no clns route-cache
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
 no clns route-cache
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
 no clns route-cache
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
 no clns route-cache
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
 no clns route-cache
!
router ospf 1
 router-id 11.11.11.11
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip http server
no ip http secure-server
ip classless
!
!
!
!
!
!
!
!
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
!
end

Muhammad Nasim
Network Engineer
Saudi Arabia
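As an added example (not part of the post), a small Python parser for the "show ospf neighbor" table quoted above that flags neighbors stuck in INIT. INIT is exactly the one-way Hello symptom described: the ASA hears R1's Hellos, but R1's Hellos do not list the ASA's router ID, so R1 is not receiving or not accepting the ASA's Hellos. The sample text is constructed from the post's output; the diagnosis labels are my own.

```python
import re
from typing import NamedTuple

# Constructed sample: the "show ospf neighbor" output quoted in the post above.
SAMPLE = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
11.11.11.11       1   INIT/DROTHER    0:00:30     192.1.12.1      outside
20.20.20.20       1   FULL/DR         0:00:31     10.55.55.20     DMZ
"""

class Neighbor(NamedTuple):
    router_id: str
    priority: int
    state: str      # OSPF neighbor state (RFC 2328 section 10.1)
    role: str       # DR / BDR / DROTHER
    dead_time: str
    address: str
    interface: str

# One neighbor row: ID, priority, STATE/ROLE, dead timer, address, interface.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\w+)/(\S+)\s+(\d+:\d\d:\d\d)\s+(\S+)\s+(\S+)\s*$")

def parse_ospf_neighbors(text: str) -> list[Neighbor]:
    """Parse ASA/IOS 'show ospf neighbor' output into Neighbor records."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # the header line has no numeric priority column, so it is skipped
            rid, pri, state, role, dead, addr, intf = m.groups()
            rows.append(Neighbor(rid, int(pri), state.upper(), role, dead, addr, intf))
    return rows

def diagnose(n: Neighbor) -> str:
    """Map the neighbor state to what it implies about the Hello exchange."""
    if n.state == "FULL":
        return "ok"
    if n.state == "2WAY" and n.role == "DROTHER":
        return "ok"  # two DROTHERs on a broadcast segment stay in 2WAY by design
    if n.state == "INIT":
        # We received its Hello, but that Hello does not list our router ID:
        # the neighbor is not seeing or not accepting our Hellos (one-way).
        return "one-way"
    if n.state in ("EXSTART", "EXCHANGE"):
        return "dbd-stuck"  # database description stuck; usually an MTU mismatch
    return "not-up"

def one_way_neighbors(text: str) -> list[Neighbor]:
    """Return neighbors whose adjacency is stuck one-way (INIT), as in the post."""
    return [n for n in parse_ospf_neighbors(text) if diagnose(n) == "one-way"]
```

Running `one_way_neighbors(SAMPLE)` returns only the 11.11.11.11 (R1) entry on the outside interface, which is the adjacency the post is asking about.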




This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:52 ART