cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


1075
Views
0
Helpful
4
Replies
Highlighted
Beginner

OSPF Input Packets Ignored

I am trying to configure my ASA 5545 firewall in area 0 but when I do so, the neighbor relationship never establishes.  A debug on OSPF gives only one response:

OSPF: Input packet ignored.

Here is my configuration:

ASA 5545:

router ospf 65310

router-id 10.222.171.161

network 10.0.0.0 255.0.0.0 area 0

area 0 authentication message-digest

log-adj-changes

interface GigabitEthernet0/1.20

vlan 20

nameif INSIDE

security-level 100

ip address 10.222.171.161 255.255.255.248

ospf message-digest-key 1 md5 *****

ospf authentication message-digest

4948E:

router ospf 65310

router-id 167.68.126.136

log-adjacency-changes

area 0 authentication message-digest

passive-interface default

no passive-interface Vlan20

network 10.222.171.164 0.0.0.0 area 0

interface Vlan20

description wan-eag-diste-fw1 INSIDE

ip address 10.222.171.164 255.255.255.248

ip ospf message-digest-key 1 md5 test

I have already verifed that the key matches on both neighbors.  Any idea why the ASA is ignoring the input packets?

Everyone's tags (4)
4 REPLIES 4

OSPF Input Packets Ignored

Hello Jonathan

can you try to do the following

router ospf 65310

no network 10.0.0.0 255.0.0.0 area 0

network 10.222.171.160 255.255.255.248 area 0

Regards

Harish.

Beginner

Re:OSPF Input Packets Ignored

Hi Harish,

I actually tried that and it did not work either.  Interesting enough though, I added failover configuration with the secondary ASA and the OSPF neighbor relationship came up with the directly connected switch.  I am not sure why this would have caused the neighbor relationship to work. 

Thanks for the reply!

Beginner

Re:OSPF Input Packets Ignored

Have you got matching mtu? What does debug ospf events and debug ospf packet give you?

Sent from Cisco Technical Support Android App

Beginner

Re:OSPF Input Packets Ignored

Hi Barrie,

The MTU's do match.  The debug only shows "OSPF: Input Packet Ignored."  Interesting enough though, I added failover configuration with the secondary ASA and the OSPF neighbor relationship came up with the directly connected switch. I am not sure why this would have caused the neighbor relationship to work.

Thanks for the reply!