10-28-2011 03:27 AM - edited 03-07-2019 03:06 AM
Hi, community. I have strange problem between Cisco ASA 5510 with 8.4.2 and Cisco 3825 with IOS 15.0(1)M7 (same with 12.4(15)T15).
asa# sh eigrp neighbors
EIGRP-IPv4 neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.27.6.3 Et0/0 14 00:00:14 1 5000 2 66099
As you can see here two routes in the queue always.
Here is debug eigrp packets update:
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 2, RTO 4500 topoid 0
AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 3, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 4, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 5, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 6, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 7, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 8, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 9, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 10, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 11, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 12, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 13, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 14, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 15, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 16, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6255/65952 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 65952/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Enqueueing UPDATE on Ethernet0/0 nbr 10.27.6.3 topoid 0 iidbQ un/rely 0/1 peerQ un/rely 0/0
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3 topoid 0
AS 65536, Flags 0x1, Seq 6257/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/1
EIGRP: Enqueueing UPDATE on Ethernet0/0 topoid 0 iidbQ un/rely 0/1 serno 1-1
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/1 peerQ un/rely 0/1
EIGRP: Enqueueing UPDATE on Ethernet0/0 nbr 10.27.6.3 topoid 0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 1-1
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 1, RTO 3000 topoid 0
AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 2, RTO 4500 topoid 0
AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 3, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 4, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 5, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 6, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 7, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 8, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 9, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 10, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 11, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 12, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 13, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 14, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 15, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3, retry 16, RTO 5000 topoid 0
AS 65536, Flags 0x1, Seq 6257/66055 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66055/0 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/2
sh EIGRP: Enqueueing UPDATE on Ethernet0/0 nbr 10.27.6.3 topoid 0 iidbQ un/rely 0/1 peerQ un/rely 0/0
EIGRP: Received UPDATE on Ethernet0/0 nbr 10.27.6.3
AS 65536, Flags 0x1, Seq 66099/0 interfaceQ 255/255 iidbQ un/rely 0/1 peerQ un/rely 0/0
EIGRP: Sending UPDATE on Ethernet0/0 nbr 10.27.6.3 topoid 0
AS 65536, Flags 0x1, Seq 6259/66099 interfaceQ 255/255 iidbQ un/rely 0/0 peerQ un/rely 0/1
EIGRP: Enqueueing UPDATE on Ethernet0/0 topoid 0 iidbQ un/rely 0/1 serno 1-1
EIGRP: Enqueueing UPDATE on Ethernet0/0 nbr 10.27.6.3 topoid 0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 1-1
On the other side (3825) output looks like this:
3825#sh ip eigrp neighbors G0/0.660
EIGRP-IPv4 Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
35 10.27.6.1 Gi0/0.660 11 00:00:25 1 5000 1 0
3825#sh ip eigrp interfaces G0/0.660
EIGRP-IPv4 Interfaces for AS(1)
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/0.660 1 0/0 0 0/1 50 276
And debug "eigrp packet update" shows this:
t 28 10:15:40.726: AS 1, Flags 0x0:(NULL), Seq 0/66108 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
Oct 28 10:15:42.002: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 2, RTO 4500 tid 0
Oct 28 10:15:42.002: AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
Oct 28 10:15:46.502: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 3, RTO 5000 tid 0
Oct 28 10:15:46.502: AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
Oct 28 10:15:51.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 4, RTO 5000 tid 0
Oct 28 10:15:51.503: AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
Oct 28 10:15:56.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 5, RTO 5000 tid 0
Oct 28 10:15:56.503: AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
Oct 28 10:16:01.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 6, RTO 5000 tid 0
Oct 28 10:16:01.503: AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
Oct 28 10:16:06.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 7, RTO 5000 tid 0
Oct 28 10:16:06.503: AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
Oct 28 10:16:11.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 8, RTO 5000 tid 0
Oct 28 10:16:11.503: AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
Oct 28 10:16:16.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 9, RTO 5000 tid 0
Oct 28 10:16:16.503: AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
Oct 28 10:16:21.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 10, RTO 5000 tid 0
Oct 28 10:16:21.503: AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 1/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
Oct 28 10:16:26.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 11, RTO 5000 tid 0
Oct 28 10:16:26.503: AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
Oct 28 10:16:31.503: EIGRP: Sending UPDATE on GigabitEthernet0/0.660 nbr 10.27.6.1, retry 12, RTO 5000 tid 0
Oct 28 10:16:31.503: AS 1, Flags 0x1:(INIT), Seq 66099/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
Oct 28 21:16:56 KHB: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.27.6.1 (GigabitEthernet0/0.660) is down: Interface PEER-TERMINATION received
Oct 28 21:16:57 KHB: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.27.6.1 (GigabitEthernet0/0.660) is up: new adjacency
Oct 28 21:18:16 KHB: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.27.6.1 (GigabitEthernet0/0.660) is down: Interface PEER-TERMINATION received
Oct 28 21:18:20 KHB: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.27.6.1 (GigabitEthernet0/0.660) is up: new adjacency
From router I can ping ASA:
3825#ping 10.27.6.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.27.6.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
BUT I CAN'T FROM ASA! That's strange because there is no control-plane access-lists.
asa# ping 10.27.6.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.27.6.3, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
There is only 3750G switch between them. No kind of VACL or mac address-lists configured on facing ports.
Interesting that I have another pair of 3825-asa with similar configuration plugged into the same switch in another vlan between them and they have no such issue.
Please suggest that to check? How to troubleshoot? Troubleshooting steps?
Another question is regarding debug output on ASA. Why I can see there AS65536 although my AS is 1?
11-03-2011 07:28 AM
Hi,
so ASA never sends unicast messages to the 3825 but receives them from the router.
From the previous debug it was trying to send unicast updates but was never receiving acks from the router and the router was sending unicats updates but was never receiving acks from the ASA.
So we can see that the problem is surely on the ASA side which is sending multicast hellos but not unicast updates or acks out its inside interface.
But why are these packets never coming out the interface?
Can you do a detailed capture once again and save it as cap file and send it here.
Regards.
Alain.
11-03-2011 07:34 AM
Hi! Detailed captures was attached.
11-03-2011 07:37 AM
Hi,
I don't see it.
Alain.
11-03-2011 07:41 AM
Look at the first message attachment.
11-03-2011 07:53 AM
Hi,
ok I saw them
does address of the router appears in arp cache of ASA?
Is all unicast traffic to the router failing in addition to ICMP?
Alain.
11-05-2011 01:13 AM
Arp cache on ASA shows arp entry for 3825:
inside 10.27.6.3 0024.c415.9b00 1605
I have no ability to check this since asa have no any tools (telnet, ssh) as you probably know.
11-05-2011 01:35 AM
Hi! Thank you all for replays and help, but the problem was with another strange issue. How it was fixed?
First of all I was confused by packet-tracer output:
asa-02# packet-tracer input inside tcp 10.27.6.1 ssh 10.27.6.3 ssh
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 3
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network RT_02_EXT
nat (any,any) static RT_02_INT
Additional Information:
NAT divert to egress interface outside
Untranslate 10.27.6.3/22 to x.x.x.x/22
Phase: 4
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Although packet is not ingress to inside interface ( actually it is generated by ASA), I've noticed that here is some kind of UN-NAT used.
So I begin to investigate my Nat rules and found two duplicated entries:
!
object network RT_02_EXT
nat (any,any) static RT_02_INT
object network RT_02_INT
nat (any,any) static RT_02_EXT
!
As you can see it was some kind of misconfiguration. I've deleted second entry and now connectivity is ok.
Once again behavior of packet-tracer changed (althougth it is not ingress to inside):
asa-02# packet-tracer input inside tcp 10.27.6.1 ssh 10.27.6.3 ssh
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 10.27.6.0 255.255.255.0 inside
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Conclusion: always take a look at something strange in troubleshooting commands output.
Once again thanks all. Please mark somebody my topic as resolved.
11-05-2011 04:40 AM
glad to hear that your problem is solved but I still don't get why your ASA was getting AS 65536??? Why was it sendin the BGP AS across
11-05-2011 05:32 AM
Maximum number of the EIGRP AS is 65535. 65536 as you mentioned can be only 4 byte BGP AS Number, but BGP has no any place here. Seems to me here is cosmetic bug in debug of ASA OS 8.4.2. It displays EIGRP AS 1 as 65536 ( EIGRP AS MAX + 1).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide