12-22-2014 05:55 PM - edited 03-07-2019 09:59 PM
Hi guys,
I have got the following setup:
> 3-legged ASA setup (external, DMZ, internal)
> External interface uses 100.100.100.0/30 (substitute for real addresses)
> DMZ interface uses 10.185.3.0/24 (public addresses are served with NAT at external interface)
> Internal interface uses 10.185.100.20/30 (a P2P link to a Layer 3 switch)
> ASA end is 10.185.100.21, Switch end is 10.185.100.22
> Both ASA and Switch are running OSPF
> ASA is redistributing connected interfaces (for the purpose of this case, the aforementioned DMZ private subnet)
> OSPF neighbourship is good (with standard OSPF settings - area 0, network type, hello/dead timers, etc)
> IP routing on switch is enabled
The question is why does the DMZ 10.185.3.0/24 subnet not appear on the Switch routing table?
> That specific route is present in the OSPF database on the Switch (see below)
> It is a Type 5 LSA due to the aforementioned redistribution at ASA
> No other more-specific routes in this scenario
> show ip route 10.185.3.0 says subnet is not in routing table
> Notice no Routing bit set on this LSA line below too
> I have read Cisco's common OSPF routing problems in regards to this topic
Many thanks.
LS age: 2828
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 100.100.100.0 (External Network Number )
Advertising Router: 10.185.100.21
LS Seq Number: 800000D4
Checksum: 0x84DA
Length: 36
Network Mask: /30
Metric Type: 1 (Comparable directly to link state metric)
TOS: 0
Metric: 1
Forward Address: 0.0.0.0
External Route Tag: 0
12-22-2014 08:10 PM
Hi,
Is Inter interface communication enabled on the firewall?
same-security-traffic permit inter-interface
HTH
12-23-2014 12:50 AM
Hello.
Have you checked LSA 10.185.3.0 on the switch? Do you have it in LSDB? Could you provide it?
Do you see ASA as ASBR (sh ip ospf border)?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide