cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
642
Views
15
Helpful
4
Replies
Beginner

ASA 9.0(1) on 5510

So I loaded the shiny new ASA 9.0(1) on a test/dev cluster of 5510's with the SecPlus license.

Two things.

1.  In 8.4.4 (or maybe 8.4.3?) new password-policy commands were introduced, which allowed for very granular password policies for local users.  This appears to be gone in 9.0.1. Is this by design?  These commands met certain compliance regulations.

2.  EIGRP is supported in multiple context mode now, however the contexts dont appear to form EIGRP neighborships with each other on a shared interface.  I did issue the mac-address auto command in system mode if that matters.  All contexts do form EIGRP neighborships with a regular IOS device, however routes are still not propegated from CTX1 to CTX2, 3, etc.

CTX1    CTX2    CTX3

|       |       |

|       |       |

--------------------

      |

      |

    IOS-Device

It's entirely possible I'm doing something wrong, this is my first stab at multiple contexts, or its possible this doesnt work by design?


Everyone's tags (3)
4 REPLIES 4
Highlighted
Cisco Employee

ASA 9.0(1) on 5510

Since it's a brand new software release, I would suggest that you open a case with TAC so it can be troubleshot and if there is any bug, the engineer can help to raise it immediately.

But yes, you are right, both features should work in this new version.

Highlighted
Beginner

ASA 9.0(1) on 5510

I did open a TAC case and will post the results here.  I was hoping someone else had noticed this in their testing of the new software.  Or maybe that Cisco has noticed this in their testing of the software

Highlighted
Beginner

ASA 9.0(1) on 5510

TAC called back pretty quick on the EIGRP issue, it's not supported on shared interfaces because of some multicast limitations, which kind of makes sense.  It's in the notes, I must have missed it.

http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/route_eigrp.html#wp1057302

Additional Guidelines

EIGRP instances cannot form adjacencies with each other across shared interfaces because inter-context exchange of multicast traffic is not supported.

For what it's worth, I was able to get the routes from one context to another by disabling EIGRP split horizion on an interface in the same subnet of an IOS device.  Disabling split horizion seems like a bad idea, though.

Highlighted
Cisco Employee

ASA 9.0(1) on 5510

Excellent, thanks for the update.