cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3340
Views
0
Helpful
4
Replies

ASA and EIGRP Flapping

cammaher
Level 1
Level 1

Hi All,

I have been having an annoying issue for the past few weeks with my ASA setup. We are using the ASA as our Remote Access Gateway and originally had it setup in a Active/Standby failover configuration using 2 x 5520 ASA's.

The original setup of the devices was that the 2 x ASA were setup in a failover configuration, with both of them connecting back to the internal network via a 6500 device. Because of using failover I created a VLAN on the 6500 and put the two ports that connect the ASA's into that VLAN. I then configured the VLAN interface to be the EIGRP interface for the neighbour relationship to the ASA's.

The problem I am seeing is that the EIGRP neighbour relationship between the Active ASA and the 6500 keeps flapping. It occurs abour 4-5 times every day at randmon intervals. Sometimes the neighbour relationship will stay up for 6-7 hours, other times it flaps every 1-2 hours. I initially thought it was due to the failover configuration so I removed one of the ASA's and removed all of the failover configuration, but the EIGRP neighbour flapping problem still exisits. The error log's on the 6500 are:

Mar  2 03:12:01: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor x.x.x.x (Vlan97) is down: holding time expired

30w1d: EIGRP: Neighbor x.x.x.x went down on Vlan97

30w1d: EIGRP: New peer x.x.x.x

Mar  2 03:12:07: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor x.x.x.x (Vlan97) is up: new adjacency

Mar  2 03:12:07: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor x.x.x.x (Vlan97) is down: Interface Goodbye received

30w1d: EIGRP: Neighbor x.x.x.x went down on Vlan97

30w1d: EIGRP: New peer x.x.x.x

Mar  2 03:15:09: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor x.x.x.x (Vlan97) is up: new adjacency

The basic network configuration is like this:

outside----------ASA----inside-------\

           (failover)  |                    6500 (via a VLAN)

outside----------ASA----inside-------/

Since removing the failvoer configuration I am thinking it could be a physical cable problem? Would that make sense?

Thanks,
Cameron

PS - I am running 8.4(2)18 on the ASA's.

4 Replies 4

svaish
Level 1
Level 1

Do you see any interface errors on the ASA,

What does the ASA's debug eigrp packets suggest

Do you see any interface going down.

Regards,

Sachin

Hi Svaish,

Thanks for the reply.

No, there are no interface errors on the ASA, all the values in the counters appear normal. There aren't any interfaces going down either.

I'm in the process of doing a debug on the ASA and will provide more info when I get it.

Thanks,

Cameron

Hi,

Collecting debugs for EIGRP will be helpful.

Sachin

joseph.bernard
Level 1
Level 1

We just experienced a simiar issue.  The VLANs we use are set to mtu 9216.  By removing and reapplying the mtu setting to the VLAN on the 6500, the flapping went away. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: