04-21-2015 06:40 AM - edited 03-11-2019 10:48 PM
We have an ASA 5555-X running 9.2(1). It is connected to an VSS-1440 running IOS 15.1(2)SY4.
They form an OSPF area, the ASA should distributes its connected and static subnets to the router via OSPF. It works fine for the subnets which are directly connected to the ASA, but not for a subnet for which the ASA has a static route.
This is the ASA OSPF config:
router ospf 1
network 1.2.3.0 255.255.255.0 area 29
network 10.10.0.0 255.255.248.0 area 29
[more subnets]
area 29 stub no-summary
log-adj-changes
redistribute static subnets
OSPF neighbours seem correct.
Subnets which are directly connected to the ASA are fine:
asa# sh route 1.2.3.0
Routing entry for 1.2.3.0 255.255.255.0
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via vlan100
Route metric is 0, traffic share count is 1
router#sh ip route 1.2.3.0
Routing entry for 1.2.3.0/24
Known via "ospf 1", distance 110, metric 20, type intra area
Last update from 10.141.90.26 on Vlan100, 01:54:45 ago
Routing Descriptor Blocks:
* XXXXXXXXXX, from XXXXXXXXXX, 01:54:45 ago, via Vlan449
Route metric is 20, traffic share count is 1
Subnets which are static to the ASA don't work:
asa# sh route 10.10.0.0
Routing entry for 10.10.0.0 255.255.248.0
Known via "static", distance 1, metric 0
Redistributing via ospf 1
Advertised by ospf 1 subnets
Routing Descriptor Blocks:
* 10.9.8.204, via vlan100
Route metric is 0, traffic share count is 1
router#sh ip route 10.10.0.0
% Subnet not in table
Any ideas what I am missing?
04-22-2015 04:26 AM
Is the subnet in the OSPF database as an external route on your router ?
Jon
04-22-2015 06:26 AM
The subnet 10.10.0.0 does not show up in "show ip ospf data external" on the router.
04-22-2015 08:05 AM
From your OSPF configuration -
network 10.10.0.0 255.255.248.0 area 29
why have you got a network statement for a static route ?
Jon
04-28-2015 04:12 AM
I tried with and without it, didn't make a difference.
05-10-2017 01:09 AM
I suppose you also have to add a default information originate to your ASA
Seet this article:
http://www.petenetlive.com/KB/Article/0000982
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide