
CSM 4.5 - change in how CSM handles router-id on clustered ASA

Hi,

We run several ASA active/active clusters in spanned etherchannel mode (so the cluster has a single IP and a single OSPF process running on the master FW). Until CSM 4.4sp2 we've manually set the OSPF router-id, since we had some bad experiences when moving a subnet from one virtual FW to another: the ASA would use the IP address of the deactivated interface as an OSPF router-id, thus causing us to have two conflicting OSPF router-ids. The workaround to this was to set the router-id manually, and that has worked great.

Unfortunately it seems that with CSM 4.5 they've changed this functionality. Now the only options are "Automatic" where the ASA chooses the router-id itself (opening us up to the same problem that we had before setting the router-id manually) and cluster-pool which is meant for an ASA cluster in individual-interface mode.

I cannot use flexconfig to set the OSPF router-id as the CSM will go back and remove it at a later time thus causing a reset of the OSPF process.

This also caused a lot of problems when pushing configurations where the OSPF process would be in a limbo state; OSPF was up and routes were in, but due to a change in the router-id and CSM not being able to reset the OSPF process properly, not all traffic was flowing through the firewall.

Any good ideas on how to resolve this, or is a TAC case the only solution (to hopefully get the option to define router-id manually for spanned-etherchannel clusters back into CSM...)?