06-11-2016 08:13 PM - edited 03-12-2019 12:52 AM
Hi guys,
I have this weird OSPF behavior and I don't get it...
I'm running version 9.1(4) on ASA5512, this is the output for some of the routes:
FW1DC1# sh ver
Cisco Adaptive Security Appliance Software Version 9.1(4)
FW1DC1# sh route | inc 192.168.30.0
O E2 192.168.30.0 255.255.255.248 [110/1] via 192.168.30.162, 0:01:40, TASA
FW1DC1# sh route | inc 192.168.30.8
O E2 192.168.30.8 255.255.255.248 [110/1] via 192.168.30.162, 0:02:20, TASA
FW1DC1# sh route | inc 192.168.30.16
O E2 192.168.30.16 255.255.255.248 [110/40] via 192.168.30.170, 0:02:23, L3
FW1DC1# sh route | inc 192.168.30.24
O E2 192.168.30.24 255.255.255.248 [110/40] via 192.168.30.170, 0:03:17, L3
FW1DC1# sh route | inc 192.168.30.32
O E2 192.168.30.32 255.255.255.248 [110/1] via 192.168.30.162, 0:03:29, TASA
FW1DC1# sh route | inc 192.168.30.40
O E2 192.168.30.40 255.255.255.248 [110/1] via 192.168.30.162, 0:03:42, TASA
FW1DC1# sh route | inc 192.168.30.48
O E2 192.168.30.48 255.255.255.248 [110/1] via 192.168.30.162, 0:03:44, TASA
I do the upgrade with ASDM to 9.2(1). The same output:
FW1DC1# sh ver
Cisco Adaptive Security Appliance Software Version 9.2(1)
FW1DC1# sh route | inc 192.168.30.0
O E2 192.168.30.0 255.255.255.248
FW1DC1# sh route | inc 192.168.30.8
O E2 192.168.30.8 255.255.255.248
FW1DC1# sh route | inc 192.168.30.16
O E2 192.168.30.16 255.255.255.248
FW1DC1# sh route | inc 192.168.30.24
O E2 192.168.30.24 255.255.255.248
FW1DC1# sh route | inc 192.168.30.32
O E2 192.168.30.32 255.255.255.248
FW1DC1# sh route | inc 192.168.30.40
O E2 192.168.30.40 255.255.255.248
FW1DC1# sh route | inc 192.168.30.48
O E2 192.168.30.48 255.255.255.248
So after I do the upgrade, I cannot reach any of those routes and I don't know why.
But after I downgrade to 9.1(4), it works again.
Any thoughts???
Thank you!
PS: I do the downgrade with ASDM, when the FW comes up again, the boot system still shows as 9.2(1)
downgrade /noconfirm disk0:/asa914-smp-k8.bin disk0:/oldconfig_2016jun12_0222.cfg
FW1DC1# sh run | inc asa
boot system disk0:/asa921-smp-k8.bin
06-11-2016 09:46 PM
When it doesn't work, what appears in the firewall logs?
I'm going to guess a NAT issue, but that is just a guess.
06-13-2016 05:38 AM
Hi Philip,
I would need to do the upgrade and downgrade again to get the logs but I haven't seen anything in particular.
But if it was a NAT issue, wouldn't it be happening on the current version as well?
Thank you!
06-13-2016 01:18 PM
The NAT engine in the ASA was replaced at some version I can no longer recall. I'm guessing you might be on either side of that boundary, and NAT might need some minor tweaking after the upgrade.
You'll see issues in the log if this is the case.
06-13-2016 05:36 PM
Ah, that's right but it was prior to 9.1(4), I think it was 8.3 or so...
Thank you!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: