Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1026
Views
0
Helpful
2
Replies

%OSPF-4-ERRRCV: Received invalid packet: mismatch area ID from x.x.x.x, VLANXX

mwood000111
Level 1
Level 1

‎12-28-2018 10:48 AM - edited ‎03-08-2019 04:54 PM

Setting up a simulation in VIRL of our network.  Flow of traffic is below.  There is some hairpinning from core to ASA (inside) then ASA (WAN) back to core and to edge router out

 

Core-->ASA-->Core-->Edge router

 

We have a single ASA and are looking to add another pair and enable HA.

 

ASA has an OSPF adjacency to a C9300 Core 1 and a C9300 Core 2 (HSRP).  I have HA created between the FW pairs and once I failover, I see this message below on Core 1 and Core 2:

 

*Dec 28 18:17:42.658: %OSPF-4-ERRRCV: Received invalid packet: mismatched area ID from backbone area from x.x.x.x, Vlan51

 

Failover is successful and the standby becomes the primary but OSPF doesnt form and no routes are propagated on ASA.  I fail back over to primary and error is gone and OSPF forms.   Any thoughts?  Pertinent configs below:

 

Core 1

interface Vlan51
ip address 10.5.7.36 255.255.255.240
ip ospf lls disable
ip ospf 1 area 3

 

Core 2

interface Vlan51
ip address 10.5.7.37 255.255.255.240
ip ospf lls disable
ip ospf 1 area 3

 

ASA

router ospf 20
router-id 10.5.7.33
network 10.5.7.0 255.255.255.0 area 3
log-adj-changes
redistribute static subnets route-map FilterDMZ
default-information originate

 

 

 

Any assistance would be appreciated.  Thanks. 

Labels:
0 Helpful
2 Replies 2

Georg Pauwen
VIP
VIP

‎12-28-2018 09:54 PM

Hello,

 

I am not sure if this is related at all, but I remember a quirk in VIRL where the MAC addresses on the firewall interfaces were the same by default, and you couldn't even connect two firewalls back to back without manually changing the MAC address on one interface...check if by any chance both your firewalls are using the same interfaces to connect, and if so, change the MAC address on one of them.

0 Helpful

paul driver
VIP
VIP

‎12-29-2018 03:33 AM

Hello

@mwood000111 wrote:

interface Vlan51
ip address 10.5.7.37 255.255.255.240

 

ASA

router ospf 20
network 10.5.7.0 255.255.255.0 area 3

Make sure the network statements are the correct on the ospf peerings so they are see as being in the same area

 

 

 

 

 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents