cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4470
Views
0
Helpful
4
Replies

Unable to establish OSPFv3 neighbors through transparent ASA

bdubrow
Level 1
Level 1

I have 2 devices running IPv6 with an ASA ver 8.4(2) in transparent mode with multiple contexts in between them.  I can ipv6 ping the devices through the ASA but can not get the 2 devices to establish OSPFv3 adjacency.  They are able to establish adjacency with ipv4 OSPF.  When running debug ipv6 ospf hello I see each of the devices sending hellos but not receiving them from the device on the other side of the ASA. I notice that the hellos are coming from the link local addresses and not the unique global addresses that I applied to the interfaces. If I connect a device directly to one of the devices I can establish OSPFv3 adjacency without a problem.

Any thoughts?

Bob

1 Accepted Solution

Accepted Solutions

Ouch. This looks like a bug we found internally - CSCtr39183 (not visible outside)

What I would do is open a TAC case, reference this bug and ask them to publish you 8.4.2.10 image.

Alternatively and I advise against it - downgrade to 8.4.1 where the problem should not be present.

View solution in original post

4 Replies 4

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Bob,

It is expected that OSPF/EIGRP etc use link local rather than unique global ;-)

Regarding the problem.

- please enable

logging buffered info

logging buffer-size 1000000

- and ASP drop capure.

cap ASP type asp all 

Try establishing the adjacency and check

show logg

sh cap ASP

I would also try establishing the adjacency without multicast (point-to-multipoint network should allow this).

Marcin

Ouch. This looks like a bug we found internally - CSCtr39183 (not visible outside)

What I would do is open a TAC case, reference this bug and ask them to publish you 8.4.2.10 image.

Alternatively and I advise against it - downgrade to 8.4.1 where the problem should not be present.

Marcin,

Thanks for your help on this, I have been fighting with it for a few days.  The setup is in a lab so going between multiple versions on the ASA is not a problem.  I will do as you suggest and open a TAC case.

Received 8.4.2.15 from TAC, that fixed the problem.

Thanks for your help.

Bob

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco