Hi,

smrh13631 · ‎02-12-2016

Hello

last night we had ASAs IOS upgrade, when our ASAs booted up our data center went down and we lost our connectivity to the boxes

after getting access to the box with remote hand help , we observed that ospf between our ASAs firewall and core switches which are Nexus 5k did not formed and they stuck on the EXCHANGE state, we called CISCO TAC for help and they said in the new code there is a BUG so we reverted back to the old code and everything came up. My question is : in the new code we observed that our WAN,DMZ,APP and ... zones could not learn the MAC address of each respective IPs and only untrust interface is in the arp table and when we add for example WAN interface MAC address manually, its MAC add installed on the arp table and adjacency formed.

what is the role of ARP in here to adjacency get form in OSPF ????

Shivapramod M · ‎02-14-2016

Hi,

In the exchange process of the OSPF the Database descriptor packet will be exchanged between the master and slave device. In this state OSPF does not use the multicast IP address instead it uses the interface IP and MAC so the firewall should know the MAC address hence it must have the arp table entry. In version 9.1.7 ARP resolution on ASA fails if the directly connected subnet of an interface overlaps with an entry in proxy-arp list. If you have any NAT statement for the VPN traffic you must have "no-proxy-arp" command set. Then you will not face any issue with 9.1.7.

Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts

Role of arp protocole to form OSPF adj