ASA and EIGRP Flapping

cammaher — Mon, 11 Mar 2019 22:37:38 GMT

Hi All,

I have been having an annoying issue for the past few weeks with my ASA setup. We are using the ASA as our Remote Access Gateway and originally had it setup in a Active/Standby failover configuration using 2 x 5520 ASA's.

The original setup of the devices was that the 2 x ASA were setup in a failover configuration, with both of them connecting back to the internal network via a 6500 device. Because of using failover I created a VLAN on the 6500 and put the two ports that connect the ASA's into that VLAN. I then configured the VLAN interface to be the EIGRP interface for the neighbour relationship to the ASA's.

The problem I am seeing is that the EIGRP neighbour relationship between the Active ASA and the 6500 keeps flapping. It occurs abour 4-5 times every day at randmon intervals. Sometimes the neighbour relationship will stay up for 6-7 hours, other times it flaps every 1-2 hours. I initially thought it was due to the failover configuration so I removed one of the ASA's and removed all of the failover configuration, but the EIGRP neighbour flapping problem still exisits. The error log's on the 6500 are:

Mar 2 03:12:01: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor x.x.x.x (Vlan97) is down: holding time expired

30w1d: EIGRP: Neighbor x.x.x.x went down on Vlan97

30w1d: EIGRP: New peer x.x.x.x

Mar 2 03:12:07: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor x.x.x.x (Vlan97) is up: new adjacency

Mar 2 03:12:07: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor x.x.x.x (Vlan97) is down: Interface Goodbye received

30w1d: EIGRP: Neighbor x.x.x.x went down on Vlan97

30w1d: EIGRP: New peer x.x.x.x

Mar 2 03:15:09: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor x.x.x.x (Vlan97) is up: new adjacency

The basic network configuration is like this:

outside----------ASA----inside-------\

(failover) | 6500 (via a VLAN)

outside----------ASA----inside-------/

Since removing the failvoer configuration I am thinking it could be a physical cable problem? Would that make sense?

Thanks,
Cameron

PS - I am running 8.4(2)18 on the ASA's.

ASA and EIGRP Flapping

svaish — Mon, 05 Mar 2012 10:03:08 GMT

Do you see any interface errors on the ASA,

What does the ASA's debug eigrp packets suggest

Do you see any interface going down.

Regards,

Sachin

ASA and EIGRP Flapping

cammaher — Mon, 05 Mar 2012 22:39:11 GMT

Hi Svaish,

Thanks for the reply.

No, there are no interface errors on the ASA, all the values in the counters appear normal. There aren't any interfaces going down either.

I'm in the process of doing a debug on the ASA and will provide more info when I get it.

Thanks,

Cameron

ASA and EIGRP Flapping

svaish — Tue, 06 Mar 2012 07:16:40 GMT

Hi,

Collecting debugs for EIGRP will be helpful.

Sachin

ASA and EIGRP Flapping

joseph.bernard — Mon, 04 Jun 2012 13:24:04 GMT

We just experienced a simiar issue. The VLANs we use are set to mtu 9216. By removing and reapplying the mtu setting to the VLAN on the 6500, the flapping went away.

topic ASA and EIGRP Flapping in Network Security

ASA and EIGRP Flapping

ASA and EIGRP Flapping

ASA and EIGRP Flapping

ASA and EIGRP Flapping

ASA and EIGRP Flapping