
asym routing problem on asa5500

Hi

I have an ASA5500 that used to be the core router/firewall, and I am in the process of moving the non-internet-facing routing/firewall away from it.

I have come across an issue with what seems to be an asym routing problem.

vlan67 is my WAN vlan (basically a bonded pair of ports on a switch to an L2 connection between sites).

I am using OSPF, and vlan67 192.168.67.0/24 is area 0.0.0.0. At the other end is a pair of routers handling OSPF and routing in that DC.

At my DC with the ASA I have:

vlan 68 - this is my internal vlan, 192.168.68.0/24, which is the interconnect with my main DC internal routers, again with OSPF

ASA5500 -> 192.168.68.1 -> router A 192.168.68.2

Router A is the DGW for network 192.168.69.0/24 and publishes this via the 192.168.68.0/24 network.

The 192.168.69.0/24 is a management network. I have VMware VC here and other management boxes and iLO, DRACs, etc.

I also tried to place the management port of the ASA5500 on here, so 192.168.69.254 (& 192.168.69.253 ... it's a cluster).

I have a tftp server on 192.168.69.7. When I am on console on the ASA5500 and run copy running tftp://192.168.69.7/<filename> it sometimes fails.

It seems like it wants to send via the OSPF route... so it has 2 paths to 192.168.69.0/24: 1 via the direct connect management 0/0 (I tried this as a vlan off one of the 1G ports as well) and 1 via 192.168.68.2.

That really should be a problem I did think, but I saw no errors in the log; I saw no packets on the 192.168.69.0 network! The tftp would fail ... or work with an empty file.

The other annoying thing is that the VC 192.168.69.200 couldn't connect to any ESX hosts in the second data center. I believe the path was:

outgoing

192.168.69.200 ->  192.168.69.1 ..(routerA).. 192.168.68.2 -> 192.168.68.1 (asa5500) 192.168.17.1 -> 192.168.17.2 (other DC)

return

(other DC) 192.168.17.2 -> 192.168.17.1 (ASA5500) 192.168.69.254 -> 192.168.69.200

The ASA knows about the directly connected path and I think it's having issues with that. But again, no error messages in the log!

So I am stuck ... I do have plans on bringing the WAN interface over to router A, but I want to make sure it's an issue with the ASA5500 and I would like to understand what the issue is... Why did the tftp fail?

Thanks

Is this the right forum?

