ASA5505 not announcing inside EIGRP route to the outside.

jkeeffe
Level 2

I have an ASA5510, v8.3.2, with EIGRP routing enabled. The inside interface IP is 172.19.3.33/27.  The outside interface is 164.72.232.27/29 connected to a switch that has a Cisco 2821 IOS router with EIGRP running. The 2821 interface is 164.72.232.25/29. Both ASA and 3845 have the same EIGRP AS=1.

The ASA has both 172.19.0.0 and 164.72.0.0 configured as EIGRP network processes. The 2821 router has only 164.72.0.0 as an EIGRP network.

The ASA doesn't seem to be announcing its inside network of 172.19.3.32/27 to the outside, because the 2821 router does not see that network, but both the ASA and the 2821 see each other as EIGRP neighbors. Below are the statements in the 2821 and ASA relating to the interfaces and EIGRP, and the output of a couple of commands.

2821 router config:

interface GigabitEthernet0/0
ip address 164.72.232.25 255.255.255.248
duplex auto
speed auto
end

!

router eigrp 1
network 164.72.0.0
no auto-summary

DC-2821#sh ip eigrp nei
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
2   164.72.232.27           Gi0/0             13 17:52:43    7   200  0  325

DC-2821#sh ip route 172.19.3.32
% Subnet not in table

--------------------------------------------------------------------------------------------------------

ASA config:

name 164.72.0.0 GHC-Enterprize-network

interface Vlan1
nameif inside
security-level 100
ip address 172.19.3.33 255.255.255.224

!

interface Vlan2
nameif outside
security-level 0
ip address 164.72.232.27 255.255.255.248

!

router eigrp 1
no auto-summary
network GHC-Enterprize-network 255.255.0.0
network 172.19.0.0 255.255.0.0

sh eigrp nei

EIGRP-IPv4 neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   164.72.232.25           Vl2               14 18:01:04    8   200  0  4335

Is there something else I need to do on the ASA to get it to announce routes to the outside interface?

6 Replies

Atri Basu
Cisco Employee

Hi,

Is Vlan1 on the ASA up? Have you assigned an interface to the Vlan yet?


Regards,

Atri.

Solved!!  I rebooted the ASA and all works well now. It now advertises the inside route to the outside.  Go figure!

Panos Kampanakis
Cisco Employee

Your config looks good. The router should be learning it.

Can you check the "sh ip route" (no host ip) and the eigrp db on the router?

Also make sure you have both VLANs assigned to a port on the ASA.

PK
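
The check behind "your config looks good", as an added example that is not part of the original thread: it resolves the ASA `name` alias, then tests whether each interface address falls inside an EIGRP `network` statement. The config text is copied from the first post as sample input, and the function name `eigrp_coverage` is hypothetical.

```python
import ipaddress
import re

# Sample input: the ASA statements quoted in the first post of this thread.
ASA_CONFIG = """\
name 164.72.0.0 GHC-Enterprize-network
interface Vlan1
 nameif inside
 ip address 172.19.3.33 255.255.255.224
interface Vlan2
 nameif outside
 ip address 164.72.232.27 255.255.255.248
router eigrp 1
 no auto-summary
 network GHC-Enterprize-network 255.255.0.0
 network 172.19.0.0 255.255.0.0
"""

def eigrp_coverage(config):
    """Map each nameif to (connected prefix, matched by an EIGRP network?)."""
    names, ifaces, networks = {}, {}, []
    nameif, in_eigrp = None, False
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"name (\S+) (\S+)$", line):
            names[m.group(2)] = m.group(1)            # alias -> address
        elif line.startswith("interface "):
            nameif, in_eigrp = None, False
        elif line.startswith("router eigrp "):
            in_eigrp = True
        elif m := re.match(r"nameif (\S+)$", line):
            nameif = m.group(1)
        elif (m := re.match(r"ip address (\S+) (\S+)", line)) and nameif:
            ifaces[nameif] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif in_eigrp and (m := re.match(r"network (\S+) (\S+)$", line)):
            addr = names.get(m.group(1), m.group(1))  # resolve 'name' alias
            networks.append(ipaddress.ip_network(f"{addr}/{m.group(2)}", strict=False))
    # An interface takes part in EIGRP when its address is inside a network statement.
    return {
        n: (str(i.network), any(i.ip in net for net in networks))
        for n, i in ifaces.items()
    }

if __name__ == "__main__":
    for nameif, (prefix, covered) in eigrp_coverage(ASA_CONFIG).items():
        print(f"{nameif:8} {prefix:20} {'covered' if covered else 'NOT covered'}")
```

Both interfaces come back as covered for the posted config, so the missing route is not explained by the `network` statements.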

Here's a first portion of 'sh ip route' on the 2821 router (the only 172.19:

DC-2821#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 164.72.52.135 to network 0.0.0.0

     198.185.135.0/32 is subnetted, 2 subnets
D EX    198.185.135.230
           [170/40960] via 164.72.232.114, 1w1d, GigabitEthernet0/1
D EX    198.185.135.201
           [170/40960] via 164.72.232.114, 1w1d, GigabitEthernet0/1
     172.19.0.0/30 is subnetted, 1 subnets
D       172.19.3.104 [90/28672] via 164.72.232.115, 5d22h, GigabitEthernet0/1
     172.20.0.0/24 is subnetted, 1 subnets
D EX    172.20.20.0 [170/31232] via 164.72.232.114, 1w1d, GigabitEthernet0/1
     172.26.0.0/16 is variably subnetted, 201 subnets, 4 masks
D       172.26.54.128/28
           [90/267008] via 164.72.232.114, 1w1d, GigabitEthernet0/1
D       172.26.179.0/25
           [90/34560] via 164.72.232.114, 1w1d, GigabitEthernet0/1

.

.

.............................................................................................

Here is the only entry in the routing table for routes coming into G0/0 where the ASA is:

DC-2821#sh ip route | include net0/0
C       164.72.232.24/29 is directly connected, GigabitEthernet0/0

..........................................................................

Here is the only 172.19.x.x entry in the eigrp topology table (this 172.19.3.104 is from another IOS router)

DC-2821#sh ip eigrp top | include 172.19
P 172.19.3.104/30, 1 successors, FD is 28672
DC-2821#

Can you please send the output for "sh int ip bri" from the ASA along with the "Sh route" command from the ASA?

Here is "sh int ip bri"

Result of the command: "sh int ip bri"

Interface                  IP-Address      OK? Method Status                Protocol
Internal-Data0/0           unassigned      YES unset  up                    up 
Internal-Data0/1           unassigned      YES unset  up                    up 
Vlan1                      172.19.3.33     YES manual up                    up 
Vlan2                      164.72.232.27   YES CONFIG up                    up 
Virtual0                   127.0.0.1       YES unset  up                    up 
Ethernet0/0                unassigned      YES unset  up                    up 
Ethernet0/1                unassigned      YES unset  up                    up 
Ethernet0/2                unassigned      YES unset  down                  down
Ethernet0/3                unassigned      YES unset  down                  down
Ethernet0/4                unassigned      YES unset  down                  down
Ethernet0/5                unassigned      YES unset  down                  down
Ethernet0/6                unassigned      YES unset  down                  down
Ethernet0/7                unassigned      YES unset  down                  down

-----------------------------------------------------------------------------------------------------------

Here is "sh route"  (The list is long, so I removed most of the routes)

Result of the command: "sh route"

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 164.72.232.25 to network 0.0.0.0

D EX 198.185.135.230 255.255.255.255
           [170/46080] via 164.72.232.25, 20:19:53, outside
D EX 198.185.135.201 255.255.255.255
           [170/46080] via 164.72.232.25, 20:19:53, outside
C    172.19.3.32 255.255.255.224 is directly connected, inside
D    172.19.3.104 255.255.255.252
           [90/31232] via 164.72.232.25, 20:19:53, outside
D EX 172.20.20.0 255.255.255.0
           [170/36352] via 164.72.232.25, 20:19:53, outside
D    172.26.54.128 255.255.255.240
           [90/269568] via 164.72.232.25, 20:19:53, outside
D    172.26.179.0 255.255.255.128
           [90/37120] via 164.72.232.25, 20:19:53, outside
D    172.26.49.128 255.255.255.128
           [90/31232] via 164.72.232.25, 20:19:53, outside
D    172.26.190.0 255.255.255.128
           [90/37632] via 164.72.232.25, 20:19:53, outside
D    172.26.185.0 255.255.255.128
           [90/37632] via 164.72.232.25, 20:19:53, outside
D    172.26.38.128 255.255.255.128
           [90/37888] via 164.72.232.25, 20:19:53, outside
D    172.26.166.0 255.255.255.128
           [90/37888] via 164.72.232.25, 20:19:53, outside
D    172.26.54.144 255.255.255.240
           [90/269568] via 164.72.232.25, 20:19:53, outside
D    172.26.167.0 255.255.255.128
           [90/38400] via 164.72.232.25, 20:19:53, outside
D    172.26.39.128 255.255.255.128
           [90/37120] via 164.72.232.25, 20:19:53, outside
D    172.26.36.128 255.255.255.128
           [90/37888] via 164.72.232.25, 20:19:53, outside
D    172.26.164.0 255.255.255.128
           [90/31232] via 164.72.232.25, 20:19:53, outside
.

.
D    172.26.23.128 255.255.255.128
           [90/39936] via 164.72.232.25, 20:19:53, outside
D    172.26.21.128 255.255.255.128
           [90/37888] via 164.72.232.25, 20:19:53, outside
D    172.26.18.128 255.255.255.128
           [90/37888] via 164.72.232.25, 20:19:53, outside
D    172.26.146.0 255.255.255.128
           [90/39936] via 164.72.232.25, 20:19:53, outside
.

.

.
D    164.72.2.172 255.255.255.252
           [90/37632] via 164.72.232.25, 20:19:53, outside
D    164.72.174.0 255.255.255.128
           [90/39936] via 164.72.232.25, 20:19:53, outside
D    164.72.239.64 255.255.255.255
           [90/165376] via 164.72.232.25, 20:19:53, outside
D    164.72.84.251 255.255.255.255
           [90/165376] via 164.72.232.25, 20:19:53, outside
D    164.72.255.80 255.255.255.252
           [90/38144] via 164.72.232.25, 20:19:53, outside
D    164.72.175.0 255.255.255.128
           [90/39680] via 164.72.232.25, 20:19:53, outside
D    164.72.47.128 255.255.255.252
           [90/33792] via 164.72.232.25, 20:19:54, outside
D    164.72.84.252 255.255.255.255
           [90/165120] via 164.72.232.25, 20:19:53, outside
D    164.72.168.0 255.255.255.128
           [90/37632] via 164.72.232.25, 20:19:53, outside
D    164.72.232.64 255.255.255.240
           [90/31488] via 164.72.232.25, 20:19:53, outside
D    164.72.188.20 255.255.255.252
           [90/4238080] via 164.72.232.25, 20:19:53, outside
D    164.72.239.71 255.255.255.255
           [90/165120] via 164.72.232.25, 20:19:53, outside
D    164.72.40.128 255.255.255.128
           [90/39168] via 164.72.232.25, 20:19:53, outside
D    164.72.84.253 255.255.255.255
           [90/165632] via 164.72.232.25, 20:19:53, outside
D    164.72.169.0 255.255.255.128
           [90/37632] via 164.72.232.25, 20:19:53, outside
D    164.72.239.70 255.255.255.255
           [90/165120] via 164.72.232.25, 20:19:53, outside
D    164.72.77.228 255.255.255.252
           [90/37632] via 164.72.232.25, 20:19:53, outside
D    164.72.84.254 255.255.255.255
           [90/165632] via 164.72.232.25, 20:19:53, outside
D    164.72.188.22 255.255.255.255
           [90/4238080] via 164.72.232.25, 20:19:53, outside
D    164.72.186.16 255.255.255.252
           [90/37632] via 164.72.232.25, 20:19:53, outside
D    164.72.239.69 255.255.255.255
           [90/165120] via 164.72.232.25, 20:19:53, outside
D    164.72.2.168 255.255.255.252
           [90/37632] via 164.72.232.25, 20:19:53, outside
D    164.72.170.0 255.255.255.128
           [90/38400] via 164.72.232.25, 20:19:53, outside
D    164.72.239.68 255.255.255.255
           [90/165632] via 164.72.232.25, 20:19:53, outside
D    164.72.255.84 255.255.255.252

.

.
D    164.72.187.168 255.255.255.252
           [90/36864] via 164.72.232.25, 20:19:53, outside
D    164.72.19.0 255.255.255.128
           [90/37632] via 164.72.232.25, 20:19:53, outside
D    164.72.147.128 255.255.255.128
           [90/39680] via 164.72.232.25, 20:19:53, outside
D    164.72.159.140 255.255.255.252
           [90/37632] via 164.72.232.25, 20:19:53, outside
S*   0.0.0.0 0.0.0.0 [1/0] via 164.72.232.25, outside
D EX 208.89.126.0 255.255.254.0
           [170/46080] via 164.72.232.25, 20:19:53, outside

--------------------------------------------------------------------------------------