
Cisco FMC OSPF routing Redistribution disabled

telesymbol
Level 1

Dear All,

We have FTDs managed by FMC; OSPF is configured and working. Our FTDs are directly connected to the ISP ADSL for internet connectivity. For some reasons we have to put a router between the FTDs and the ADSL, and for that reason we're about to disable default information originate and redistribute a static route pointing to the router for the internet connection. But in the FMC OSPF process section, redistribution is disabled and the message "redistribution is disabled for the role internal router" is shown, and we're not able to configure redistribution. Please advise.

11 Replies

What type of area do you use?
I think the area type prevents you from redistributing the static route.

Area Type is Normal

FTD-ISP ADSL
There is a static route in the FTD toward the ISP ADSL,
and you need to redistribute it into the IN of the FTD?
Check whether you also run any OSPF between the FTD and the ISP ADSL.

I've attached the existing and planned connectivity here, if it makes things clear to you.

In OSPF Role, select (ABR & ASBR), not internal router.

Thanks MHM for your swift & valuable responses.

One thing to note here: the reason we're planning to redistribute the static route into OSPF and remove default information originate from OSPF on the FMC is that, after changing our connectivity to FTD->Router->ISP ADSL, the internet got disconnected two times in a day and was restored after rebooting the router, which makes us think the reason is the configuration of OSPF on the FMC.

The configurations on the router are: 1. NAT overload for internet, 2. static NAT to the FTD outside interface for the remote access VPN connection, and 3. static NAT for the web portal installed in the DMZ. Please advise on the situation.

Regards

An internal router is a router connected to only one area on all links.
An ABR is a router with one link connected to Area 0 and another connected to a different area.
An ASBR is a router with a link connected to an area that also redistributes. Here you configure a static route and redistribute it into OSPF, so it must be an ASBR, and that explains
"redistribution is disabled for the role internal router"

because the internal router doesn't have any redistribution.

Our scenario is: the FTD is connected to the core switch and the WAN router with OSPF (two links in area 0), with a static route to the internet router. A default route is configured on the internet router to route internet traffic to the ISP. So which area type would be best for us?

Could configuring static NAT for the FTD outside interface for remote access VPN and the web portal in the DMZ on the internet router make the internet router busy? Please advise. This is because when we reload the internet router, the internet starts working properly for some time and gets disconnected after some time.

On the WAN router, can I see show ip route?

WAN-Router-01#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected

Gateway of last resort is 10.100.254.2 to network 0.0.0.0 -> 10.100.254.2 is FTD Interface

O*E1 0.0.0.0/0 [110/21] via 10.100.254.2, 09:13:29, BDI100
10.0.0.0/8 is variably subnetted, 40 subnets, 7 masks
O 10.100.2.0/25 [110/12] via 10.100.254.2, 1w1d, BDI100
O 10.100.2.128/29 [110/11] via 10.100.254.2, 1w1d, BDI100
O 10.100.2.136/29 [110/11] via 10.100.254.2, 1w1d, BDI100
C 10.100.2.144/29 is directly connected, Loopback0
L 10.100.2.145/32 is directly connected, Loopback0
O 10.100.5.0/24 [110/11] via 10.100.254.2, 1w1d, BDI100
O 10.100.6.0/24 [110/11] via 10.100.254.2, 1w1d, BDI100
O 10.100.7.0/24 [110/12] via 10.100.254.2, 1w1d, BDI100
O 10.100.8.0/24 [110/12] via 10.100.254.2, 1w1d, BDI100
O 10.100.10.0/24 [110/12] via 10.100.254.2, 1w1d, BDI100
O 10.100.11.0/24 [110/12] via 10.100.254.2, 1w1d, BDI100

I've omitted the rest of the lines; please let me know if you want the whole output.

I checked your config.
The only thing I notice is that the WAN router has a default route toward your FTD. Are there any other sites using this HQ site to access the internet?
Anyway,
while the internet was down, could anyone from the internet access the server using static NAT?
Run
show ip nat statistic
on the internet router.