Route-map not working? WHY?

Steven Williams · ‎08-10-2015

Created a ip prefix list to allow the default route, then set it in a route-map and applied to ospf process 1200, but it filters everything. This was working about 3 days ago. The only thing that changed is it connects to a new upstream ASA, but the ospf process on the new ASA is exact same as old, has the default-information originate always command on the process. It looks like i am learning the default route from the ASA but its not being put into the RIB?

BNA-4500X-01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
BNA-4500X-01(config)#
BNA-4500X-01(config)#ip prefix-list DEFAULT_ONLY1 seq 10 permit 0.0.0.0/0
BNA-4500X-01(config)#route-map DEFAULT_ROUTE_ONLY_RMAP1 permit 5
BNA-4500X-01(config-route-map)#match ip address prefix-list DEFAULT_ONLY1
BNA-4500X-01(config-route-map)#route-map DEFAULT_ROUTE_ONLY_RMAP1 deny 15
BNA-4500X-01(config-route-map)#exit
BNA-4500X-01(config)#
!
router ospf 1200 vrf YELLOW_PROD
router-id 10.51.100.41
area 0 authentication message-digest
network 10.20.0.1 0.0.0.0 area 0
network 10.20.30.1 0.0.0.0 area 0
network 10.51.100.41 0.0.0.0 area 0
network 192.168.1.1 0.0.0.0 area 0
network 192.168.5.1 0.0.0.0 area 0
network 192.168.12.1 0.0.0.0 area 0
!
BNA-4500X-01(config)#router ospf 1200 vrf YELLOW_PROD
BNA-4500X-01(config-router)#$list route-map DEFAULT_ROUTE_ONLY_RMAP1 in
BNA-4500X-01(config-router)#exit
BNA-4500X-01(config)#exit
BNA-4500X-01#show ip ospf
*Aug 10 06:45:05.496: %SYS-5-CONFIG_I: Configured from console by admin on console
BNA-4500X-01#show ip route vrf YELLOW_PROD

Routing Table: YELLOW_PROD
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C 10.20.0.0/24 is directly connected, Vlan700
L 10.20.0.1/32 is directly connected, Vlan700
C 10.51.100.40/29 is directly connected, Vlan1200
L 10.51.100.41/32 is directly connected, Vlan1200
BNA-4500X-01#show ip route vrf YELLOW_PROD

Routing Table: YELLOW_PROD
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C 10.20.0.0/24 is directly connected, Vlan700
L 10.20.0.1/32 is directly connected, Vlan700
C 10.51.100.40/29 is directly connected, Vlan1200
L 10.51.100.41/32 is directly connected, Vlan1200
BNA-4500X-01#show ip route vrf YELLOW_PROD

Routing Table: YELLOW_PROD
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C 10.20.0.0/24 is directly connected, Vlan700
L 10.20.0.1/32 is directly connected, Vlan700
C 10.51.100.40/29 is directly connected, Vlan1200
L 10.51.100.41/32 is directly connected, Vlan1200
BNA-4500X-01#show ip route vrf YELLOW_PROD

Routing Table: YELLOW_PROD
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C 10.20.0.0/24 is directly connected, Vlan700
L 10.20.0.1/32 is directly connected, Vlan700
C 10.51.100.40/29 is directly connected, Vlan1200
L 10.51.100.41/32 is directly connected, Vlan1200

BNA-4500X-01#debug ip ospf 1200 rib
OSPF RIB (Routing Information Base) debugging is on for process 1200
OSPF Local RIB (Routing Information Base) debugging is on for process 1200
OSPF Global RIB (Routing Information Base) debugging is on for process 1200
OSPF Redistribution debugging is on for process 1200
!
BNA-4500X-01#clear ip ospf 1200 process
Reset OSPF process 1200? [no]: yes
BNA-4500X-01#
*Aug 10 06:46:28.732: %OSPF-5-ADJCHG: Process 1200, Nbr 10.51.100.58 on Vlan1200 from FULL to DOWN, Neighbor Down: Interface down or detached
*Aug 10 06:46:28.732: OSPF-1200 LRIB : Local RIB clear
BNA-4500X-01#
*Aug 10 06:46:28.745: %OSPF-5-ADJCHG: Process 1200, Nbr 10.51.100.58 on Vlan1200 from LOADING to FULL, Loading Done
BNA-4500X-01#
*Aug 10 06:46:38.741: OSPF-1200 LRIB : Creating route 10.51.100.40/29
*Aug 10 06:46:38.741: OSPF-1200 LRIB : Add path area 0, type Intra, dist 1, forward 0, tag 0x0, via 10.51.100.41 Vlan1200, route flags (Connected), path flags (Connected), source 10.51.100.58, spf 34, list-type change_list
*Aug 10 06:46:38.741: OSPF-1200 LRIB : Creating new first-hop via 10.51.100.42 on Vlan1200
*Aug 10 06:46:38.741: OSPF-1200 LRIB : Creating route 10.51.100.56/29
*Aug 10 06:46:38.741: OSPF-1200 LRIB : Add pa
BNA-4500X-01#th area 0, type Intra, dist 11, forward 0, tag 0x0, via 10.51.100.42 Vlan1200, route flags (None), path flags (none), source 10.51.100.58, spf 34, list-type change_list
*Aug 10 06:46:38.742: OSPF-1200 LRIB : Creating new first-hop via 10.20.0.1 on Vlan700
*Aug 10 06:46:38.742: OSPF-1200 LRIB : Creating route 10.20.0.0/24
*Aug 10 06:46:38.742: OSPF-1200 LRIB : Add path area 0, type Intra, dist 1, forward 0, tag 0x0, via 10.20.0.1 Vlan700, route flags (Connected), path flags (Connected), source 10.51
BNA-4500X-01#.100.41, spf 34, list-type change_list
*Aug 10 06:46:38.742: OSPF-1200 LRIB : Creating route 10.20.42.0/24
*Aug 10 06:46:38.742: OSPF-1200 LRIB : Add path area 0, type Intra, dist 12, forward 0, tag 0x0, via 10.51.100.42 Vlan1200, route flags (None), path flags (none), source 10.51.100.57, spf 34, list-type change_list
*Aug 10 06:46:38.742: OSPF-1200 GRIB : IP route replace of 1 next hops failed for 10.20.42.0/24 (flags 0x0, type Intra, tag 0x0), retcode 3
*Aug 10 06:46:38.742: OSPF-1200 GRIB :
BNA-4500X-01# Next hop via 10.51.100.42 on Vlan1200 (distance 12, source 10.51.100.57, label 1048578) NOT installed
*Aug 10 06:46:38.742: OSPF-1200 LRIB : Sync'ed 10.20.42.0/24 type Intra - change (Change, HigherCost): added 0 paths, deleted 0 paths, spf 34, route instance 34
*Aug 10 06:46:38.742: OSPF-1200 LRIB : Sync'ed 10.20.0.0/24 type Intra - change (Change, HigherCost): added 0 paths, deleted 0 paths, spf 34, route instance 34
*Aug 10 06:46:38.742: OSPF-1200 GRIB : IP route replace of 1 next hops failed
BNA-4500X-01# for 10.51.100.56/29 (flags 0x0, type Intra, tag 0x0), retcode 3
*Aug 10 06:46:38.742: OSPF-1200 GRIB : Next hop via 10.51.100.42 on Vlan1200 (distance 11, source 10.51.100.58, label 1048578) NOT installed
*Aug 10 06:46:38.742: OSPF-1200 LRIB : Sync'ed 10.51.100.56/29 type Intra - change (Change, HigherCost): added 0 paths, deleted 0 paths, spf 34, route instance 34
*Aug 10 06:46:38.742: OSPF-1200 LRIB : Sync'ed 10.51.100.40/29 type Intra - change (Change, HigherCost): added 0 paths, deleted 0 path
BNA-4500X-01#s, spf 34, route instance 34
*Aug 10 06:46:38.742: OSPF-1200 LRIB : Creating route 10.53.0.0/29
*Aug 10 06:46:38.742: OSPF-1200 LRIB : Add path area 0, type Inter, dist 11, forward 0, tag 0x0, via 10.51.100.42 Vlan1200, route flags (None), path flags (none), source 10.51.100.58, spf 34, list-type change_list
*Aug 10 06:46:38.742: OSPF-1200 LRIB : Creating route 192.168.7.0/24
*Aug 10 06:46:38.742: OSPF-1200 LRIB : Add path area 0, type Inter, dist 21, forward 0, tag 0x0, via 10.51.100.42 Vlan12
BNA-4500X-01#00, route flags (None), path flags (none), source 10.51.100.58, spf 34, list-type change_list
*Aug 10 06:46:38.742: OSPF-1200 GRIB : IP route replace of 1 next hops failed for 192.168.7.0/24 (flags 0x0, type Inter, tag 0x0), retcode 3
*Aug 10 06:46:38.742: OSPF-1200 GRIB : Next hop via 10.51.100.42 on Vlan1200 (distance 21, source 10.51.100.58, label 1048578) NOT installed
*Aug 10 06:46:38.742: OSPF-1200 LRIB : Sync'ed 192.168.7.0/24 type Inter - change (Change, HigherCost): added 0 paths, delete
BNA-4500X-01#d 0 paths, spf 34, route instance 34
*Aug 10 06:46:38.742: OSPF-1200 GRIB : IP route replace of 1 next hops failed for 10.53.0.0/29 (flags 0x0, type Inter, tag 0x0), retcode 3
*Aug 10 06:46:38.743: OSPF-1200 GRIB : Next hop via 10.51.100.42 on Vlan1200 (distance 11, source 10.51.100.58, label 1048578) NOT installed
*Aug 10 06:46:38.743: OSPF-1200 LRIB : Sync'ed 10.53.0.0/29 type Inter - change (Change, HigherCost): added 0 paths, deleted 0 paths, spf 34, route instance 34

BNA-4500X-01#show ip ospf database

OSPF Router with ID (10.52.100.33) (Process ID 1113)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.52.100.33 10.52.100.33 845 0x8000001E 0x00B164 1

OSPF Router with ID (10.52.100.25) (Process ID 1325)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.52.100.25 10.52.100.25 1056 0x8000001E 0x00FF83 1

OSPF Router with ID (10.52.100.17) (Process ID 1323)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.52.100.17 10.52.100.17 860 0x8000001E 0x00029F 1

OSPF Router with ID (10.52.100.9) (Process ID 1322)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.52.100.9 10.52.100.9 708 0x8000001E 0x00D3D4 1

OSPF Router with ID (10.52.100.1) (Process ID 1324)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.52.100.1 10.52.100.1 1084 0x8000001E 0x0081DC 1

OSPF Router with ID (10.51.100.49) (Process ID 1150)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.51.100.49 10.51.100.49 798 0x8000001E 0x00DF05 2

OSPF Router with ID (10.51.100.41) (Process ID 1200)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.51.100.41 10.51.100.41 62 0x80000025 0x004171 2
10.51.100.57 10.51.100.57 1053 0x80000020 0x00410C 2
10.51.100.58 10.51.100.58 2004 0x8000002C 0x006279 2

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
10.51.100.42 10.51.100.58 2004 0x80000015 0x003AA4
10.51.100.58 10.51.100.58 984 0x80000017 0x007646

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
10.53.0.0 10.51.100.58 984 0x80000017 0x008682
192.168.7.0 10.51.100.58 984 0x80000017 0x0017AF

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 10.51.100.58 229 0x80000019 0x00016A 10

OSPF Router with ID (10.51.100.33) (Process ID 1500)

OSPF Router with ID (10.51.100.25) (Process ID 1122)

OSPF Router with ID (10.51.100.17) (Process ID 1121)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.51.100.17 10.51.100.17 948 0x8000001E 0x000F21 1

OSPF Router with ID (10.51.100.9) (Process ID 1100)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.51.100.9 10.51.100.9 809 0x8000001E 0x00B09F 1

OSPF Router with ID (10.51.100.57) (Process ID 1017)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.51.100.41 10.51.100.41 63 0x80000025 0x004171 2
10.51.100.57 10.51.100.57 1051 0x80000020 0x00410C 2
10.51.100.58 10.51.100.58 2005 0x8000002C 0x006279 2

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
10.51.100.42 10.51.100.58 2005 0x80000015 0x003AA4
10.51.100.58 10.51.100.58 984 0x80000017 0x007646

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
10.53.0.0 10.51.100.58 984 0x80000017 0x008682
192.168.7.0 10.51.100.58 984 0x80000017 0x0017AF

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 10.51.100.58 229 0x80000019 0x00016A 10

OSPF Router with ID (10.51.100.1) (Process ID 1400)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.51.100.1 10.51.100.1 976 0x8000001E 0x003D85 2
BNA-4500X-01#show ip route vrf YELLOW_PROD

Routing Table: YELLOW_PROD
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C 10.20.0.0/24 is directly connected, Vlan700
L 10.20.0.1/32 is directly connected, Vlan700
C 10.51.100.40/29 is directly connected, Vlan1200
L 10.51.100.41/32 is directly connected, Vlan1200
BNA-4500X-01#

Rolf Fischer · ‎08-10-2015

Can you check if the Type-5 LSA has a non-zero forwarding address set (show ip ospf 1200 database external 0.0.0.0)?

If so, the prefix-list needs to permit this address as well, or you could set the corresponding interface on the ASA OSPF-passive (if possible).

Btw, you could simplify your distribute-list line:

router ospf 1200 vrf YELLOW_PROD

distribute-list prefix DEFAULT_ONLY1 in ! no route-map needed ...

HTH

Rolf

Steven Williams · ‎08-10-2015

BNA-4500X-01#show ip ospf 1200 database external 0.0.0.0

OSPF Router with ID (10.51.100.41) (Process ID 1200)

Type-5 AS External Link States

LS age: 862
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 0.0.0.0 (External Network Number )
Advertising Router: 10.51.100.58
LS Seq Number: 8000001C
Checksum: 0xFA6D
Length: 36
Network Mask: /0
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 10
Forward Address: 10.53.0.2
External Route Tag: 10

BNA-4500X-01#

There isnt a passive interface option on the ASA.

I did try the prefix list method and it didnt work.

Rolf Fischer · ‎08-10-2015

Forward Address: 10.53.0.2

OK, my bad. You have to premit the corresponding network.

An OSPF internal route for the FA has to be present in the routing-table, otherwise the external route won't be installed.

You can find more details here: http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13682-10.html

Steven Williams · ‎08-10-2015

10.53.0.2 is another ASA upstream from the ASA 5585X that is configured for the default originate in the OSPF process? So I am confused?

Rolf Fischer · ‎08-10-2015

A default route with 10.53.0.2 as next-hop address must exist somewhere, the same device is configured to originate an OSPF default route, and the conditions to set the forwarding address to this next hop are met on the interface:

OSPF network type broadcast or non-broadcast
OSPF enabled (non-passive)

Steven Williams · ‎08-10-2015

So I have 4500Xs connected upstream to an ASA5585. Then the ASA5585 has a connection to an ASA 5525X. THe 4500s have multiple vrfs with egress networks to the ASA5585. So therefore all traffic per vrf needs to hit the 5585 for IPS inspection and routing. If it needs to hit another vrf it will route back down to the 4500s and go to its destination. So therefore each vrf needs to know that 0.0.0.0/0 traffic goes to 5585x and then the 5585x decides what to do next. The default-info originate statement sits on the OSPF process on the 5585 in area 0. The link from 5585 to 5525 is a layer 3 link with the 10.53.0.0/24 network....the 5585 has a static 0.0.0.0/0 that heads over to the ASA5525x....

Steven Williams · ‎08-10-2015

BNA-4500X-01#show ip route vrf YELLOW_PROD

Routing Table: YELLOW_PROD
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is 10.51.100.42 to network 0.0.0.0

O*E2 0.0.0.0/0 [110/10] via 10.51.100.42, 02:14:13, Vlan1200
10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
C 10.20.0.0/24 is directly connected, Vlan700
L 10.20.0.1/32 is directly connected, Vlan700
O 10.20.42.0/24 [110/12] via 10.51.100.42, 02:14:13, Vlan1200
C 10.51.100.40/29 is directly connected, Vlan1200
L 10.51.100.41/32 is directly connected, Vlan1200
O 10.51.100.56/29 [110/11] via 10.51.100.42, 02:14:13, Vlan1200
O IA 10.53.0.0/29 [110/11] via 10.51.100.42, 02:14:13, Vlan1200
O IA 192.168.7.0/24 [110/21] via 10.51.100.42, 02:14:13, Vlan1200
BNA-4500X-01#

Without the route-map this is what the route table looks like. 10.51.100.42 is the upstream interface on the ASA 5585.

Rolf Fischer · ‎08-10-2015

O IA     10.53.0.0/29 [110/11] via 10.51.100.42, 02:14:13, Vlan1200

This route needs to be present in the routing table.

Or you'll need to find a way to inject the default route with a 0.0.0.0 FA (at the moment I don't see how this can be achieved).

Rolf Fischer · ‎08-10-2015

I guess the simplest solution is permitting the 10.53.0.0/24 network in the prefix-list.

As soon as an OSPF internal route to 10.53.0.2 appears in the routing table, the default route will be installed as well.

Steven Williams · ‎08-10-2015

BNA-4500X-01(config)#do show run | sec ip pref
ip prefix-list DEFAULT_ONLY1 seq 10 permit 0.0.0.0/0
BNA-4500X-01(config)#ip prefix-list DEFAULT_ONLY1 seq 20 permit 10.53.0.0/24
BNA-4500X-01(config)#
BNA-4500X-01(config)#
BNA-4500X-01(config)#exit
BNA-4500X-01#show run |
*Aug 10 09:20:04.444: %SYS-5-CONFIG_I: Configured from console by admin on console
BNA-4500X-01#show run | sec router ospf 1200
router ospf 1200 vrf YELLOW_PROD
router-id 10.51.100.41
area 0 authentication message-digest
network 10.20.0.1 0.0.0.0 area 0
network 10.20.30.1 0.0.0.0 area 0
network 10.51.100.41 0.0.0.0 area 0
network 192.168.1.1 0.0.0.0 area 0
network 192.168.5.1 0.0.0.0 area 0
network 192.168.12.1 0.0.0.0 area 0
BNA-4500X-01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
BNA-4500X-01(config)#router ospf 1200 vrf YELLOW_PROD
BNA-4500X-01(config-router)#distr
BNA-4500X-01(config-router)#distribute-list rou
BNA-4500X-01(config-router)#$list route-map DEFAULT_ROUTE_ONLY_RMAP1 in
BNA-4500X-01(config-router)#e
*Aug 10 09:20:40.576: OSPF-1200 LRIB : Updating route 10.51.100.40/29
*Aug 10 09:20:40.576: OSPF-1200 LRIB : Add path area 0, type Intra, dist 1, forward 0, tag 0x0, via 10.51.100.41 Vlan1200, route flags (Connected), path flags (Connected), source 10.51.100.58, spf 36, list-type change_list
*Aug 10 09:20:40.576: OSPF-1200 LRIB : Updating route 10.51.100.56/29
*Aug 10 09:20:40.576: OSPF-1200 LRIB : Add path area 0, type Intra, dist 11, forward 0, tag 0x0, via 10.51.100.42 Vlan1200, route flags
BNA-4500X-01(config-router)#exir(None), path flags (none), source 10.51.100.58, spf 36, list-type change_list
*Aug 10 09:20:40.576: OSPF-1200 LRIB : Updating route 10.20.0.0/24
*Aug 10 09:20:40.576: OSPF-1200 LRIB : Add path area 0, type Intra, dist 1, forward 0, tag 0x0, via 10.20.0.1 Vlan700, route flags (Connected), path flags (Connected), source 10.51.100.41, spf 36, list-type change_list
*Aug 10 09:20:40.576: OSPF-1200 LRIB : Updating route 10.20.42.0/24
*Aug 10 09:20:40.576: OSPF-1200 LRIB : Add path area 0, type Intra,
BNA-4500X-01(config-router)#exidist 12, forward 0, tag 0x0, via 10.51.100.42 Vlan1200, route flags (None), path flags (none), source 10.51.100.57, spf 36, list-type change_list
*Aug 10 09:20:40.577: OSPF-1200 GRIB : IP route replace of 1 next hops failed for 10.20.42.0/24 (flags 0x0, type Intra, tag 0x0), retcode 3
*Aug 10 09:20:40.577: OSPF-1200 GRIB : Next hop via 10.51.100.42 on Vlan1200 (distance 12, source 10.51.100.57, label 1048578) NOT installed
*Aug 10 09:20:40.577: OSPF-1200 GRIB : Route 10.20.42.0/24: delete of p
BNA-4500X-01(config-router)#exi
BNA-4500X-01(config)#
BNA-4500X-01(config)#ath via 10.51.100.42 on Vlan1200, source 10.51.100.57 failed
*Aug 10 09:20:40.577: OSPF-1200 LRIB : Sync'ed 10.20.42.0/24 type Intra - change (PathChange): added 0 paths, deleted 1 paths, spf 36, route instance 36
*Aug 10 09:20:40.577: OSPF-1200 LRIB : Sync'ed 10.20.0.0/24 type Intra - change (Change): added 0 paths, deleted 0 paths, spf 36, route instance 36
*Aug 10 09:20:40.577: OSPF-1200 GRIB : IP route replace of 1 next hops failed for 10.51.100.56/29 (flags 0x0, type Intra, tag 0x0), retcode 3
BNA-4500X-01(config)#e
*Aug 10 09:20:40.577: OSPF-1200 GRIB : Next hop via 10.51.100.42 on Vlan1200 (distance 11, source 10.51.100.58, label 1048578) NOT installed
*Aug 10 09:20:40.577: OSPF-1200 GRIB : Route 10.51.100.56/29: delete of path via 10.51.100.42 on Vlan1200, source 10.51.100.58 failed
*Aug 10 09:20:40.577: OSPF-1200 LRIB : Sync'ed 10.51.100.56/29 type Intra - change (PathChange): added 0 paths, deleted 1 paths, spf 36, route instance 36
*Aug 10 09:20:40.577: OSPF-1200 LRIB : Sync'ed 10.51.100.40/29 type
BNA-4500X-01(config)#exit
BNA-4500X-01#Intra - change (Change): added 0 paths, deleted 0 paths, spf 36, route instance 36
*Aug 10 09:20:40.577: OSPF-1200 LRIB : Updating route 10.53.0.0/29
*Aug 10 09:20:40.577: OSPF-1200 LRIB : Add path area 0, type Inter, dist 11, forward 0, tag 0x0, via 10.51.100.42 Vlan1200, route flags (None), path flags (none), source 10.51.100.58, spf 36, list-type change_list
*Aug 10 09:20:40.578: OSPF-1200 LRIB : Updating route 192.168.7.0/24
*Aug 10 09:20:40.578: OSPF-1200 LRIB : Add path area 0, type Inter,
BNA-4500X-01#
BNA-4500X-01#
BNA-4500X-01#
BNA-4500X-01#sho dist 21, forward 0, tag 0x0, via 10.51.100.42 Vlan1200, route flags (None), path flags (none), source 10.51.100.58, spf 36, list-type change_list
*Aug 10 09:20:40.578: OSPF-1200 GRIB : IP route replace of 1 next hops failed for 192.168.7.0/24 (flags 0x0, type Inter, tag 0x0), retcode 3
*Aug 10 09:20:40.578: OSPF-1200 GRIB : Next hop via 10.51.100.42 on Vlan1200 (distance 21, source 10.51.100.58, label 1048578) NOT installed
*Aug 10 09:20:40.578: OSPF-1200 GRIB : Route 192.168.7.0/24: delete o
BNA-4500X-01#show ip f path via 10.51.100.42 on Vlan1200, source 10.51.100.58 failed
*Aug 10 09:20:40.578: OSPF-1200 LRIB : Sync'ed 192.168.7.0/24 type Inter - change (PathChange): added 0 paths, deleted 1 paths, spf 36, route instance 36
*Aug 10 09:20:40.578: OSPF-1200 GRIB : IP route replace of 1 next hops failed for 10.53.0.0/29 (flags 0x0, type Inter, tag 0x0), retcode 3
*Aug 10 09:20:40.578: OSPF-1200 GRIB : Next hop via 10.51.100.42 on Vlan1200 (distance 11, source 10.51.100.58, label 1048578) NOT installed
*
BNA-4500X-01#show ip route Aug 10 09:20:40.578: OSPF-1200 GRIB : Route 10.53.0.0/29: delete of path via 10.51.100.42 on Vlan1200, source 10.51.100.58 failed
*Aug 10 09:20:40.578: OSPF-1200 LRIB : Sync'ed 10.53.0.0/29 type Inter - change (PathChange): added 0 paths, deleted 1 paths, spf 36, route instance 36
*Aug 10 09:20:40.578: OSPF-1200 GRIB : Route 0.0.0.0/0: delete of path via 10.51.100.42 on Vlan1200, source 10.51.100.58 failed
*Aug 10 09:20:40.578: OSPF-1200 LRIB : Sync'ed 0.0.0.0/0 type Ext2 - change (RtDelete, RthD
BNA-4500X-01#show ip route |elete, PathChange): added 0 paths, deleted 1 paths, spf 36, route instance 35
*Aug 10 09:20:41.573: OSPF-1200 REDIS: Do redist-scanning, reason flag 0x1
*Aug 10 09:20:41.573: OSPF-1200 REDIS: Scan OER table for redistribution
*Aug 10 09:20:41.573: OSPF-1200 REDIS: End of OER table scan, elapsed time 0ms
*Aug 10 09:20:41.573: OSPF-1200 REDIS: Notification to redistribute 0.0.0.0/0
*Aug 10 09:20:45.871: %SYS-5-CONFIG_I: Configured from console by admin on console
BNA-4500X-01#show ip route vrf YELLOW_PROD

Routing Table: YELLOW_PROD
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C 10.20.0.0/24 is directly connected, Vlan700
L 10.20.0.1/32 is directly connected, Vlan700
C 10.51.100.40/29 is directly connected, Vlan1200
L 10.51.100.41/32 is directly connected, Vlan1200
BNA-4500X-01#show ip route vrf YELLOW_PROD

Routing Table: YELLOW_PROD
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C 10.20.0.0/24 is directly connected, Vlan700
L 10.20.0.1/32 is directly connected, Vlan700
C 10.51.100.40/29 is directly connected, Vlan1200
L 10.51.100.41/32 is directly connected, Vlan1200
BNA-4500X-01#show ip route vrf YELLOW_PROD

Routing Table: YELLOW_PROD
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C 10.20.0.0/24 is directly connected, Vlan700
L 10.20.0.1/32 is directly connected, Vlan700
C 10.51.100.40/29 is directly connected, Vlan1200
L 10.51.100.41/32 is directly connected, Vlan1200
BNA-4500X-01#clear ip ospf 1200 proc
BNA-4500X-01#clear ip ospf 1200 process
Reset OSPF process 1200? [no]: yes
BNA-4500X-01#
*Aug 10 09:21:10.877: %OSPF-5-ADJCHG: Process 1200, Nbr 10.51.100.58 on Vlan1200 from FULL to DOWN, Neighbor Down: Interface down or detached
*Aug 10 09:21:10.877: OSPF-1200 LRIB : Local RIB clear
*Aug 10 09:21:10.889: OSPF-1200 LRIB : Purging first-hop via 10.20.0.1 on Vlan700
*Aug 10 09:21:10.889: OSPF-1200 LRIB : Purging first-hop via 10.51.100.41 on Vlan1200
*Aug 10 09:21:10.889: OSPF-1200 LRIB : Purging first-hop via 10.51.100.42 on Vlan1200
BNA-4500X-01#
*Aug 10 09:21:10.890: %OSPF-5-ADJCHG: Process 1200, Nbr 10.51.100.58 on Vlan1200 from LOADING to FULL, Loading Done
BNA-4500X-01#
*Aug 10 09:21:20.890: OSPF-1200 LRIB : Creating new first-hop via 10.51.100.41 on Vlan1200
*Aug 10 09:21:20.890: OSPF-1200 LRIB : Creating route 10.51.100.40/29
*Aug 10 09:21:20.890: OSPF-1200 LRIB : Add path area 0, type Intra, dist 1, forward 0, tag 0x0, via 10.51.100.41 Vlan1200, route flags (Connected), path flags (Connected), source 10.51.100.58, spf 38, list-type change_list
*Aug 10 09:21:20.890: OSPF-1200 LRIB : Creating new first-hop via 10.51.100.42 on Vlan1200
*Aug 10 09:21:20.890: OSPF
BNA-4500X-01#-1200 LRIB : Creating route 10.51.100.56/29
*Aug 10 09:21:20.890: OSPF-1200 LRIB : Add path area 0, type Intra, dist 11, forward 0, tag 0x0, via 10.51.100.42 Vlan1200, route flags (None), path flags (none), source 10.51.100.58, spf 38, list-type change_list
*Aug 10 09:21:20.890: OSPF-1200 LRIB : Creating new first-hop via 10.20.0.1 on Vlan700
*Aug 10 09:21:20.890: OSPF-1200 LRIB : Creating route 10.20.0.0/24
*Aug 10 09:21:20.890: OSPF-1200 LRIB : Add path area 0, type Intra, dist 1, forward 0, t
BNA-4500X-01#ag 0x0, via 10.20.0.1 Vlan700, route flags (Connected), path flags (Connected), source 10.51.100.41, spf 38, list-type change_list
*Aug 10 09:21:20.890: OSPF-1200 LRIB : Creating route 10.20.42.0/24
*Aug 10 09:21:20.890: OSPF-1200 LRIB : Add path area 0, type Intra, dist 12, forward 0, tag 0x0, via 10.51.100.42 Vlan1200, route flags (None), path flags (none), source 10.51.100.57, spf 38, list-type change_list
*Aug 10 09:21:20.890: OSPF-1200 GRIB : IP route replace of 1 next hops failed for 10.20.
BNA-4500X-01#42.0/24 (flags 0x0, type Intra, tag 0x0), retcode 3
*Aug 10 09:21:20.890: OSPF-1200 GRIB : Next hop via 10.51.100.42 on Vlan1200 (distance 12, source 10.51.100.57, label 1048578) NOT installed
*Aug 10 09:21:20.890: OSPF-1200 LRIB : Sync'ed 10.20.42.0/24 type Intra - change (Change, HigherCost): added 0 paths, deleted 0 paths, spf 38, route instance 38
*Aug 10 09:21:20.890: OSPF-1200 LRIB : Sync'ed 10.20.0.0/24 type Intra - change (Change, HigherCost): added 0 paths, deleted 0 paths, spf 38, route i
BNA-4500X-01#nstance 38
*Aug 10 09:21:20.890: OSPF-1200 GRIB : IP route replace of 1 next hops failed for 10.51.100.56/29 (flags 0x0, type Intra, tag 0x0), retcode 3
*Aug 10 09:21:20.890: OSPF-1200 GRIB : Next hop via 10.51.100.42 on Vlan1200 (distance 11, source 10.51.100.58, label 1048578) NOT installed
*Aug 10 09:21:20.890: OSPF-1200 LRIB : Sync'ed 10.51.100.56/29 type Intra - change (Change, HigherCost): added 0 paths, deleted 0 paths, spf 38, route instance 38
*Aug 10 09:21:20.890: OSPF-1200 LRIB : Syn
BNA-4500X-01#c'ed 10.51.100.40/29 type Intra - change (Change, HigherCost): added 0 paths, deleted 0 paths, spf 38, route instance 38
*Aug 10 09:21:20.890: OSPF-1200 LRIB : Creating route 10.53.0.0/29
*Aug 10 09:21:20.891: OSPF-1200 LRIB : Add path area 0, type Inter, dist 11, forward 0, tag 0x0, via 10.51.100.42 Vlan1200, route flags (None), path flags (none), source 10.51.100.58, spf 38, list-type change_list
*Aug 10 09:21:20.891: OSPF-1200 LRIB : Creating route 192.168.7.0/24
*Aug 10 09:21:20.891: OSPF-120
BNA-4500X-01#0 LRIB : Add path area 0, type Inter, dist 21, forward 0, tag 0x0, via 10.51.100.42 Vlan1200, route flags (None), path flags (none), source 10.51.100.58, spf 38, list-type change_list
*Aug 10 09:21:20.891: OSPF-1200 GRIB : IP route replace of 1 next hops failed for 192.168.7.0/24 (flags 0x0, type Inter, tag 0x0), retcode 3
*Aug 10 09:21:20.891: OSPF-1200 GRIB : Next hop via 10.51.100.42 on Vlan1200 (distance 21, source 10.51.100.58, label 1048578) NOT installed
*Aug 10 09:21:20.891: OSPF-1200 L
BNA-4500X-01#RIB : Sync'ed 192.168.7.0/24 type Inter - change (Change, HigherCost): added 0 paths, deleted 0 paths, spf 38, route instance 38
*Aug 10 09:21:20.891: OSPF-1200 GRIB : IP route replace of 1 next hops failed for 10.53.0.0/29 (flags 0x0, type Inter, tag 0x0), retcode 3
*Aug 10 09:21:20.891: OSPF-1200 GRIB : Next hop via 10.51.100.42 on Vlan1200 (distance 11, source 10.51.100.58, label 1048578) NOT installed
*Aug 10 09:21:20.891: OSPF-1200 LRIB : Sync'ed 10.53.0.0/29 type Inter - change (Change, Hig
BNA-4500X-01#yesherCost): added 0 paths, deleted 0 paths, spf 38, route instance 38
BNA-4500X-01#show ip route vrf YELLOW_PROD

Routing Table: YELLOW_PROD
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C 10.20.0.0/24 is directly connected, Vlan700
L 10.20.0.1/32 is directly connected, Vlan700
C 10.51.100.40/29 is directly connected, Vlan1200
L 10.51.100.41/32 is directly connected, Vlan1200
BNA-4500X-01#

Rolf Fischer · ‎08-10-2015

Sorry, you told me it's /24 but it seems to be /29?

Steven Williams · ‎08-10-2015

typo, sorry. Regardless the routing table on the 4500s should need to know about 10.53.0.0/29 network. because they should have a default route to the ASA 5585's and at that point the 5585's will decide where that traffic goes.

Rolf Fischer · ‎08-10-2015

Regardless the routing table on the 4500s should need to know about 10.53.0.0/29 
network. because they should have a default route to the ASA 5585's and at that 
point the 5585's will decide where that traffic goes.

It has to be an OSPF internal (intra area or inter area) route.

A route must perform this extra check before installing an external route when the forwarding address ist set. If that check fails, the router must not install the route.

https://supportforums.cisco.com/discussion/12550721/ospf-forwarding-address

Steven Williams · ‎08-10-2015

4500s to ASA5585 is area 0.

ASA config:

router ospf 10
network 10.51.100.2 255.255.255.255 area 0
network 10.51.100.10 255.255.255.255 area 0
network 10.51.100.18 255.255.255.255 area 0
network 10.51.100.26 255.255.255.255 area 0
network 10.51.100.34 255.255.255.255 area 0
network 10.51.100.42 255.255.255.255 area 0
network 10.51.100.50 255.255.255.255 area 0
network 10.51.100.58 255.255.255.255 area 0
network 10.53.0.4 255.255.255.255 area 1
area 0 authentication message-digest
area 0 filter-list prefix OSPF out
area 1 authentication message-digest
log-adj-changes
default-information originate