Solved: OSPF E2 Default route in FTD

great.mathmatician11 · ‎11-25-2023

Hi,

I have a question if someone can help me with that please, I have FTD configured in Active standby and managed by FMC. These FTDs are going in to an upstream nexus switch. I am using RFC1918 addresses between the outside interface of FTD and SVI on the switch. I have run OSPF between the SVI and the outside interface which is working, the neighbourship comes up, switch and FTD are learning the OSPF routes from each other, but the problem is i have issued a command default information originate always on nexus and FTD is not taking a default route in its routing table. In principle it should work but is there any limitation on the FTD?

Your help on this would be highly appreciated.

MHM Cisco World · ‎11-26-2023

You are so so welcome'

Glad issue is solved finally.

Now clean your config' any unnecessary steps we add through troubleshooting remove it.

Have a nice day

MHM

View solution in original post

MHM Cisco World · ‎11-25-2023

Nexus is ABR or ASBR or internal ?

Only ABR and internal router can advertise defualt route via ospf if it not in rib using always keyword.

If nsk is asbr then you need to add defualt route to rib.

great.mathmatician11 · ‎11-25-2023

Hi, Nexus is Internal and everything within Nexus is in area 1, FTD has two interfaces the LAN interface goes to area 0 and upstream WAN link goes to area 1 towards nexus. On nexus I have tried default information originate always and it didnt work, just for testing purposes I have tried adding a default route towards null interface as well but it did not help.

For the testing purposes I deviated from my design and added everything in area 0 LAN and WAN but it didnt much help either. Can it be impacted by licenses, I can not seem have alot of documentation for OSPF in FTD.

MHM Cisco World · ‎11-25-2023

Ok, let forget defualt route for moment,

Add and static route on nsk and redistribute static subnet into ospf

See if this route is appear in ftd or not.

great.mathmatician11 · ‎11-26-2023

Hi,

I created a default route on the nexus pointing towards the null0, its in the rib as well, I redistributed in to ospf but it is not showing up in the FTD. I am really confused what is happening here

MHM Cisco World · ‎11-26-2023

Friend as I mention above'

Dont use defualt route' add any other static route like

Ip route 111.111.111.111 255.255.255.255 null0

Then redistrubte it

Check if ftd see it or not'

I think there is no ospf between nsk and ftd

great.mathmatician11 · ‎11-26-2023

there is ospf between FTD and NSK.

great.mathmatician11 · ‎11-26-2023

this is the output from the FTD

great.mathmatician11 · ‎11-26-2023

Yes this is the output and routes from the FTD, FTD has only 1 OSPF neighbour and that is the nexus

great.mathmatician11 · ‎11-26-2023

This is another screenshot from the FTD, i think the problem is with Nexus, I created a static route and redistribute it with route-map any any which matches the prefixes list 0.0.0.0/0 le 32 but i can not see any e2 routes and FTD is not accepting any E1 or E2 routes

MHM Cisco World · ‎11-26-2023

Can you share how you config nexus.

great.mathmatician11 · ‎11-26-2023

here you go

I managed to bring the 1.1.1.1/32 route in the FTD as E2 route but default route is still not comming in. I have started to think if there is a limitation

MHM Cisco World · ‎11-26-2023

Do you add defualt information under vrf address family of ospf?

great.mathmatician11 · ‎11-26-2023

Hi,

I have added and deleted that as part of the investigation, but it makes no difference! I think I have not added licenses to the FTDs, will it make any difference? Its just its not taking an E1 or E2 default route, I just tested putting another router to the nexus and run ospf between nexus and the router, the router takes the default route but FTD does not.

MHM Cisco World · ‎11-26-2023

Just to check again'

Add defualt information originate under vrf of ospf and check with always keyword.

I think you add it under global not under vrf context.

MHM