03-01-2012 01:57 PM - edited 03-11-2019 03:37 PM
Hi All,
I have been having an annoying issue for the past few weeks with my ASA setup. We are using the ASA as our Remote Access Gateway and originally had it setup in a Active/Standby failover configuration using 2 x 5520 ASA's.
The original setup of the devices was that the 2 x ASA were setup in a failover configuration, with both of them connecting back to the internal network via a 6500 device. Because of using failover I created a VLAN on the 6500 and put the two ports that connect the ASA's into that VLAN. I then configured the VLAN interface to be the EIGRP interface for the neighbour relationship to the ASA's.
The problem I am seeing is that the EIGRP neighbour relationship between the Active ASA and the 6500 keeps flapping. It occurs abour 4-5 times every day at randmon intervals. Sometimes the neighbour relationship will stay up for 6-7 hours, other times it flaps every 1-2 hours. I initially thought it was due to the failover configuration so I removed one of the ASA's and removed all of the failover configuration, but the EIGRP neighbour flapping problem still exisits. The error log's on the 6500 are:
Mar 2 03:12:01: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor x.x.x.x (Vlan97) is down: holding time expired
30w1d: EIGRP: Neighbor x.x.x.x went down on Vlan97
30w1d: EIGRP: New peer x.x.x.x
Mar 2 03:12:07: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor x.x.x.x (Vlan97) is up: new adjacency
Mar 2 03:12:07: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor x.x.x.x (Vlan97) is down: Interface Goodbye received
30w1d: EIGRP: Neighbor x.x.x.x went down on Vlan97
30w1d: EIGRP: New peer x.x.x.x
Mar 2 03:15:09: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor x.x.x.x (Vlan97) is up: new adjacency
The basic network configuration is like this:
outside----------ASA----inside-------\
(failover) | 6500 (via a VLAN)
outside----------ASA----inside-------/
Since removing the failvoer configuration I am thinking it could be a physical cable problem? Would that make sense?
Thanks,
Cameron
PS - I am running 8.4(2)18 on the ASA's.
03-05-2012 02:03 AM
Do you see any interface errors on the ASA,
What does the ASA's debug eigrp packets suggest
Do you see any interface going down.
Regards,
Sachin
03-05-2012 02:39 PM
Hi Svaish,
Thanks for the reply.
No, there are no interface errors on the ASA, all the values in the counters appear normal. There aren't any interfaces going down either.
I'm in the process of doing a debug on the ASA and will provide more info when I get it.
Thanks,
Cameron
03-05-2012 11:16 PM
Hi,
Collecting debugs for EIGRP will be helpful.
Sachin
06-04-2012 06:24 AM
We just experienced a simiar issue. The VLANs we use are set to mtu 9216. By removing and reapplying the mtu setting to the VLAN on the 6500, the flapping went away.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide