Hi all, this is my first post since I didn’t have to ask for help before.
I'm experiencing a something weird with the new ASA 5545X. Here's the setup before I start. I have two switches and two ASA in active/standby as connected below. These devices are running OSPF 128 in one area (Area 0).I'm pinging from both laptops to each other both ways. The ASA has the latest "8.6.1-5" image. I've configured the firewall failover polltime to 1s with holdtime of 4s. Pings both ways OK.
<LAPTOP> IP:10.112.132.10/24
| [ACCESS PORT VLAN10]
/ <SWITCH> \ [SVI VLAN10: IP:10.112.132.1/24]
/ \ [SVI VLAN20: IP:10.113.128.11/28]
.12 / [ACCESS PORT VLAN20] \ .13
<ASA-ACTIVE> --- FOVER LINK --- <ASA-STANDBY>
.4 \ [ACCESS PORT VLAN30] / .5
\ / [SVI VLAN30: IP:10.113.130.2/27]
\ <SWITCH> / [SVI VLAN40: IP:10.113.130.17/27]
| [ACCESS PORT VLAN40]
<LAPTOP> IP: 10.113.130.20/27
I fail the primary firewall (ASA-ACTIVE). I get a 4 seconds ping loss which is expected (holdtime) however after 10 seconds of pings I get another outage which last anywhere between 5 and 15 seconds. I've done a fair amount of debugging and I did notice that the second outage occurs with the OSPF neighbor goes from "loading" to "full". This doesn't make any sense because the routing table is fully populated when going to “full”.
When perfoming a manual fail back (type failover active on ASA-ACTIVE), pings goes on for approximately 10seconds and then an outage between 5 to 15 seconds. Agsin this outage occurs when OSPF neighbor goes from "loading" to "full".
I've tried debugging on the switches and found nothing. Could it be some LS updates going around cause OSPF to converge? I'm stuck and was hoping someone out there may know the cause before I log a TAC.
Thanks in advanced.
James.
