
Why isn't route 172.16.220.15/32 showing on all EIGRP routing tables?

SYMPTOM: The Nexus EIGRP redistributed route points to ASA IP address 172.16.220.15, BUT the routing tables of all network devices, including the ASA, say the route is through the Nexus (?)...

Nexus9k# sh ip route 172.16.25.0 (!! anyconnect subnet on ASA !!)

172.16.25.0/24
*via 172.16.220.15, [1/0], 1w6d, static  !! This 172.16.220.15 is ASA. This is correct architecture. !!

!! Above static route is EIGRP redistributed from this Nexus throughout network !!

--

BUT...

ASA5525# sh route

D EX 172.16.25.0 255.255.255.0 [170/3072] via 172.16.220.3 !! THIS IS NEXUS IP-ADDRESS. !!, 1w6d, Inside

This is strange, and seems to be forming a loop between the ASA and the Nexus.

---

At least three devices are naturally EIGRP advertising 172.16.220.0/24 because an interface is in this subnet. There are no routes in routing tables to 172.16.220.15/32.

I thought I would solve this problem by inserting into the ASA the EIGRP advertisement...

ASA5525#router eigrp 1

network 172.16.220.15 255.255.255.255 !! (ASA syntax uses masks not wildcards) !!

ASA5525#sh run router eigrp
router eigrp 1
distribute-list eigrpR_1 in interface Inside
network 172.16.54.0 255.255.255.0
network 172.16.220.0 255.255.255.0
network 35.223.21.0 255.255.255.0
network 172.16.220.15 255.255.255.255

...but this did not fix the routing symptom. No routing tables changed anywhere in the network.

Question:

Why isn't route 172.16.220.15/32 showing on all EIGRP device routing tables?

Thank you.

4 Replies

Giuseppe Larosa
Hall of Fame

Hello @jmaxwellUSAF ,

you would need a loopback address on the ASA to represent the VPN client address pool 172.16.25.0/24 and you should advertise it in EIGRP on the ASA only using a network command like network 172.16.25.0 255.255.255.0

and you should remove that static and the redistribution on the Nexus 9k.

The reason why the command

>> Why isn't route 172.16.220.15/32 showing on all EIGRP device routing tables?

The host route is assigned to a VPN client but it is not a logical interface on your ASA, it is the result of remote VPN negotiation.

As a result of this, the host route is not advertised in EIGRP, which was your concern in another related thread.

Hope to help

Giuseppe

 

Regardless of the AnyConnect config, I have ASA interface inside g0/1 = 172.16.220.15/32. Why is this not seen on EIGRP network devices?

Other distant devices with routes to this subnet have destinations which are other local devices, not the ASA. Perhaps this has to do with metrics, but maybe not. When I advertised the network 172.16.220.15/32, I expected the route would propagate. 

Why did this route not propagate through the network?

Hello.

Given:

ASA5525# sh int ip br
GigabitEthernet0/5 172.16.220.15           YES manual up up
---

ASA5525# sh run router eigrp
router eigrp 1
distribute-list eigrpACL_FR_1 in interface Inside
eigrp router-id 172.16.220.15
network 172.16.220.0 255.255.255.0
network 172.16.220.15 255.255.255.255
redistribute static route-map STATIC2EIGRP1
!
---

Distant_Router_2925#sh ip route
!! (output omitted)!!
D 172.16.144.0/24
[90/3072] via 172.16.137.1, 01:12:56, GigabitEthernet0/1
D 172.16.220.0/24 [90/522496] via 192.168.204.1, Tunnel80
D 172.16.227.0/24 [90/522752] via 192.168.204.1, Tunnel80

!! (All device routing tables have similar output to the above, which is missing the 172.16.220.15/32 route.) !!

QUESTION: Why is 172.16.220.15/32 not being distributed (not seen in the routing tables) to the other EIGRP 1 devices?

Thank you.

Hello @jmaxwellUSAF ,

I am not able to understand why you are configuring a /32 under a LAN interface.

However, the ASA is a firewall; you need to configure the name of the interface and a security level to make it usable by the FW.

int gi0/5
 nameif TEST
 security-level 49

If these commands are missing, gi0/5 is ignored by the firewall. If these commands are in place, there might be another reason.

Hope to help

Giuseppe

 
