Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1671
Views
0
Helpful
4
Replies

OSPF Input Packets Ignored

jonathangamlin
Level 1
Level 1

‎09-27-2012 09:28 AM - edited ‎03-11-2019 05:00 PM

I am trying to configure my ASA 5545 firewall in area 0 but when I do so, the neighbor relationship never establishes.  A debug on OSPF gives only one response:

OSPF: Input packet ignored.

Here is my configuration:

ASA 5545:

router ospf 65310

router-id 10.222.171.161

network 10.0.0.0 255.0.0.0 area 0

area 0 authentication message-digest

log-adj-changes

interface GigabitEthernet0/1.20

vlan 20

nameif INSIDE

security-level 100

ip address 10.222.171.161 255.255.255.248

ospf message-digest-key 1 md5 *****

ospf authentication message-digest

4948E:

router ospf 65310

router-id 167.68.126.136

log-adjacency-changes

area 0 authentication message-digest

passive-interface default

no passive-interface Vlan20

network 10.222.171.164 0.0.0.0 area 0

interface Vlan20

description wan-eag-diste-fw1 INSIDE

ip address 10.222.171.164 255.255.255.248

ip ospf message-digest-key 1 md5 test

I have already verifed that the key matches on both neighbors.  Any idea why the ASA is ignoring the input packets?

Labels:
0 Helpful
4 Replies 4

Harish Balakrishnan
Spotlight
Spotlight

‎09-27-2012 11:38 AM

Hello Jonathan

can you try to do the following

router ospf 65310

no network 10.0.0.0 255.0.0.0 area 0

network 10.222.171.160 255.255.255.248 area 0

Regards

Harish.

0 Helpful

jonathangamlin
Level 1
Level 1
In response to Harish Balakrishnan

‎09-28-2012 06:34 AM

Hi Harish,

I actually tried that and it did not work either.  Interesting enough though, I added failover configuration with the secondary ASA and the OSPF neighbor relationship came up with the directly connected switch.  I am not sure why this would have caused the neighbor relationship to work. 

Thanks for the reply!

0 Helpful

ICT Networks
Level 1
Level 1

‎09-27-2012 01:01 PM

Have you got matching mtu? What does debug ospf events and debug ospf packet give you?

Sent from Cisco Technical Support Android App

0 Helpful

jonathangamlin
Level 1
Level 1
In response to ICT Networks

‎09-28-2012 06:36 AM

Hi Barrie,

The MTU's do match.  The debug only shows "OSPF: Input Packet Ignored."  Interesting enough though, I added failover configuration with the secondary ASA and the OSPF neighbor relationship came up with the directly connected switch. I am not sure why this would have caused the neighbor relationship to work.

Thanks for the reply!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card