Eigrp interface peer termination recieved

Brandon_Snopek · ‎05-18-2018

Hello all,

I'm having some issues with my network. I currently have a Cisco 2921 router connected to my firewall (ASA 5510) which connects to my border gateway router (Cisco 2911) Everything works fine connects to the internet etc except i'm constantly getting messages stating:

*May 18 08:33:33.231: %DUAL-5-NBRCHANGE: EIGRP-IPv4 55: Neighbor 172.31.254.2 (GigabitEthernet0/1.90) is down: Interface PEER-TERMINATION received
*May 18 08:33:37.751: %DUAL-5-NBRCHANGE: EIGRP-IPv4 55: Neighbor 172.31.254.2 (GigabitEthernet0/1.90) is up: new adjacency
*May 18 08:34:57.263: %DUAL-5-NBRCHANGE: EIGRP-IPv4 55: Neighbor 172.31.254.2 (GigabitEthernet0/1.90) is down: retry limit exceeded
*May 18 08:34:59.831: %DUAL-5-NBRCHANGE: EIGRP-IPv4 55: Neighbor 172.31.254.2 (GigabitEthernet0/1.90) is up: new adjacency
*May 18 08:36:19.343: %DUAL-5-NBRCHANGE: EIGRP-IPv4 55: Neighbor 172.31.254.2 (GigabitEthernet0/1.90) is down: retry limit exceeded
*May 18 08:36:22.911: %DUAL-5-NBRCHANGE: EIGRP-IPv4 55: Neighbor 172.31.254.2 (GigabitEthernet0/1.90) is up: new adjacencyC

After some debugging and troubleshooting i found the cause is my interface to my ASA inside.

When i have the interface configured for IP Nat out everything works fine and i have internet but soon as i change it to IP NAT inside the eigrp messges go away but consequently i loose my internet connectivity.

What is the solution to this if anybody has one.

EIGRP-IPv4 Neighbors for AS(55)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.31.254.2 Gi0/1.90 14 00:00:41 1 5000 1 0

this is with the interface having ip nat outside

without ip nat outside enabled and ip nat inside enabled RTO goes to 100

thanks in advance.

Brandon_Snopek · ‎05-18-2018

Here's the network config for the router interfaces

ip dhcp pool vlan 10
network 192.168.10.0 255.255.255.0
dns-server 209.18.47.62 209.18.47.61
default-router 192.168.10.1
!
ip dhcp pool vlan 20
network 192.168.11.0 255.255.255.0
dns-server 209.18.47.62 209.18.47.61
default-router 192.168.11.1
!
ip dhcp pool vlan 50
network 178.25.12.0 255.255.255.0
dns-server 209.18.47.62 209.18.47.61
default-router 178.25.12.1
!
ip dhcp pool vlan 70
network 193.168.40.0 255.255.255.0
dns-server 209.18.47.62 209.18.47.61
default-router 193.168.40.1
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.11.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.50
encapsulation dot1Q 50
ip address 178.25.12.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.70
encapsulation dot1Q 70
ip address 193.168.40.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.100
encapsulation dot1Q 100 native
ip address 172.16.1.1 255.255.255.252
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.90
description ASA Link
encapsulation dot1Q 90
ip address 172.31.254.1 255.255.255.252
ip access-group 101 in
ip access-group 101 out
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
!
router eigrp 55
network 172.16.1.0 0.0.0.3
network 172.31.254.0 0.0.0.3
network 178.25.12.0 0.0.0.255
network 192.168.10.0
network 192.168.11.0
network 193.168.40.0
neighbor 172.31.254.2 GigabitEthernet0/1.90
passive-interface GigabitEthernet0/0.100
passive-interface GigabitEthernet0/0.10
passive-interface GigabitEthernet0/0.20
passive-interface GigabitEthernet0/0.50
passive-interface GigabitEthernet0/0.70
eigrp router-id 172.31.254.1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 101 interface GigabitEthernet0/1.90 overload
ip route 0.0.0.0 0.0.0.0 172.31.254.2
!
!
!
access-list 101 permit ip any any
access-list 101 permit tcp any any
access-list 101 permit udp any any
access-list 101 permit icmp any any

chrihussey · ‎05-18-2018

Have you tried excluding EIGRP from the ACL?

!

access-list 101 deny eigrp any any
access-list 101 permit ip any any
access-list 101 permit tcp any any
access-list 101 permit udp any any
access-list 101 permit icmp any any

!

Brandon_Snopek · ‎05-18-2018

I have not. I will give that a try.

khldk · ‎05-18-2018

You might do this:

passive-interface default
no passive-interface GigabitEthernet0/1.90

Since the subnet and subinterface's are directly connect I see no reason for the neighbor statement.

Brandon_Snopek · ‎05-19-2018

will see how that works, i added both statements and i removed the neighbor statement from eigrp. hopefully that fixes whatever was causing the problem which i'm still unsure about.