OSPF route not installed in routing table

DOUGMALLOCH1
Level 1

Hi guys,

I have got the following setup:

> 3-legged ASA setup (external, DMZ, internal)

> External interface uses 100.100.100.0/30 (substitute for real addresses)

> DMZ interface uses 10.185.3.0/24 (public addresses are served with NAT at external interface)

> Internal interface uses 10.185.100.20/30 (a P2P link to a Layer 3 switch)

> ASA end is 10.185.100.21, Switch end is 10.185.100.22

> Both ASA and Switch are running OSPF

> ASA is redistributing connected interfaces (for the purpose of this case, the aforementioned DMZ private subnet)

> OSPF neighbourship is good (with standard OSPF settings - area 0, network type, hello/dead timers, etc)

> IP routing on switch is enabled

The question is why does the DMZ 10.185.3.0/24 subnet not appear on the Switch routing table?

> That specific route is present in the OSPF database on the Switch (see below)

> It is a Type 5 LSA due to the aforementioned redistribution at ASA

> No other more-specific routes in this scenario

> show ip route 10.185.3.0 says subnet is not in routing table

> Notice no Routing bit set on this LSA line below too

> I have read Cisco's common OSPF routing problems in regards to this topic

Many thanks.

  LS age: 2828
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 100.100.100.0 (External Network Number )
  Advertising Router: 10.185.100.21
  LS Seq Number: 800000D4
  Checksum: 0x84DA
  Length: 36
  Network Mask: /30
        Metric Type: 1 (Comparable directly to link state metric)
        TOS: 0 
        Metric: 1 
        Forward Address: 0.0.0.0
        External Route Tag: 0

2 Replies

Reza Sharifi
Hall of Fame

Hi,

Is inter-interface communication enabled on the firewall?

same-security-traffic permit inter-interface

HTH

Hello.

Have you checked LSA 10.185.3.0 on the switch? Do you have it in LSDB? Could you provide it?

Do you see ASA as ASBR (sh ip ospf border)?
