PIX OSPF routes don't show up on my internal network.

Discussion in 'Cisco' started by Lars Jorgensen, May 19, 2004.

  1. Hi,

    I have configured a pix 515 like this:

    ip address inside 172.31.4.254 255.255.255.0
    ip address dmz 172.24.0.1 255.255.0.0
    router ospf 150
    network 172.24.0.0 255.255.0.0 area 0
    network 172.31.4.0 255.255.255.0 area 0
    log-adj-changes
    redistribute connected subnets

    The PIX sees all the routes distributed on my internal network, but I
    can't see the 172.24.0.0-route on my internal routers.

    Here's the output from the one closest to the pix:

    main-1-01#sh ip ospf neighbor

    Neighbor ID     Pri   State      Dead Time   Address         Interface
    172.31.4.254    1     FULL/BDR   00:00:37    172.31.4.254    Vlan40

    So that's all fine and dandy, but:

    main-1-01#sh ip route 172.24.0.0
    % Network not in table

    I've tried debugging on main-1-01, but I can't see anything unusual.

    Any hints?


    --
    Lars
     
    Lars Jorgensen, May 19, 2004
    #1

  2. Lars Jorgensen

    Ivan Ostres Guest

    In article <>,
    says...
    > Hi,
    >
    > I have configured a pix 515 like this:
    >
    > ip address inside 172.31.4.254 255.255.255.0
    > ip address dmz 172.24.0.1 255.255.0.0
    > router ospf 150
    > network 172.24.0.0 255.255.0.0 area 0
    > network 172.31.4.0 255.255.255.0 area 0
    > log-adj-changes
    > redistribute connected subnets
    >
    > The PIX sees all the routes distributed on my internal network, but I
    > can't see the 172.24.0.0-route on my internal routers.
    >
    > Here's the output from the one closest to the pix:
    >
    > main-1-01#sh ip ospf neighbor
    >
    > Neighbor ID     Pri   State      Dead Time   Address         Interface
    > 172.31.4.254    1     FULL/BDR   00:00:37    172.31.4.254    Vlan40
    >
    > So that's all fine and dandy, but:
    >
    > main-1-01#sh ip route 172.24.0.0
    > % Network not in table
    >
    > I've tried debugging on main-1-01, but I can't see anything unusual.
    >
    > Any hints?
    >
    >
    >


    What does 'show ip ospf database' say on PIX? Do you have
    'ip subnet-zero' on router?

    --Ivan.
     
    Ivan Ostres, May 19, 2004
    #2

  3. Ivan Ostres wrote:
    >>The PIX sees all the routes distributed on my internal network, but I
    >>can't see the 172.24.0.0-route on my internal routers.


    > What does 'show ip ospf database' say on PIX?


    A lot. Here's an abbreviated output:

    ospf-pix# sh ospf database


    OSPF Router with ID (172.31.4.254) (Process ID 150)

    Router Link States (Area 0)

    Link ID         ADV Router      Age   Seq#        Checksum  Link count
    172.21.1.2      172.21.1.2      1377  0x80002b1a  0x757e    57
    172.21.1.10     172.21.1.10     1676  0x80002a2f  0x53fe    57
    172.21.1.21     172.21.1.21     589   0x80000174  0xea7c    2
    172.26.250.3    172.26.250.3    579   0x80000e63  0x1d2f    6
    172.30.99.3     172.30.99.3     1291  0x8000288d  0x17b9    2
    172.30.99.9     172.30.99.9     708   0x80002d3e  0x33a1    2

    Net Link States (Area 0)

    Link ID         ADV Router      Age   Seq#        Checksum
    172.16.196.1    193.162.151.4   922   0x80000b85  0x f4c
    172.17.15.7     172.26.250.3    589   0x800004e7  0x412d
    172.18.1.2      172.26.250.3    589   0x80000e18  0x40e1
    172.21.1.3      192.168.99.1    813   0x800000e7  0x324e
    172.30.99.5     192.168.110.1   1387  0x80000992  0xc599
    172.31.4.1      172.36.1.240    1803  0x80000002  0xa073
    192.168.12.2    193.162.147.173 1068  0x80000b40  0xd4d3
    192.168.13.3    193.162.150.150 1563  0x80002d1e  0x5e13

    Type-5 AS External Link States

    Link ID         ADV Router      Age   Seq#        Checksum  Tag
    1.1.1.0         172.31.4.254    1760  0x80000002  0xa02d    0
    10.1.0.0        192.168.99.1    1058  0x8000060c  0xb669    0
    10.10.2.0       192.168.99.1    1058  0x8000060c  0x7f86    0
    10.10.3.0       192.168.99.1    1058  0x8000060c  0x7490    0
    10.10.4.0       192.168.99.1    1058  0x8000060c  0x699a    0
    10.10.5.0       192.168.99.1    1058  0x8000060c  0x5ea4    0

    > Do you have 'ip subnet-zero' on router?


    Yes.

    When I do a "show ospf" on the PIX it says a lot of stuff, but this one line
    has me worried:

    Routing Process "ospf 150" with ID 172.31.4.254 and Domain ID 0.0.0.150

    On my router it says

    Routing Process "ospf 150" with ID 172.36.1.240

    What's this domain id? Is it important?


    Lars
     
    Lars Jorgensen, May 21, 2004
    #3
  4. Lars Jorgensen

    Ivan Ostres Guest

    In article <40adbac6$0$285$>,
    says...
    > Ivan Ostres wrote:
    > >>The PIX sees all the routes distributed on my internal network, but I
    > >>can't see the 172.24.0.0-route on my internal routers.

    >
    > > What does 'show ip ospf database' say on PIX?

    >
    > A lot. Here's an abbreviated output:
    >
    > ospf-pix# sh ospf database
    >

    [cut a bunch of good stuff]

    So, as you can see, you don't have your local links and networks under
    ospf database (except one with 1.1.1.0 ?!?), and that is the reason you
    can't see those routes on your routers.

    From your FP:


    > ip address inside 172.31.4.254 255.255.255.0
    > ip address dmz 172.24.0.1 255.255.0.0
    > router ospf 150
    > network 172.24.0.0 255.255.0.0 area 0
    > network 172.31.4.0 255.255.255.0 area 0


    Not sure about PIX, but on routers you have to add INTERFACES and not
    NETWORK (or networks that include those interfaces) and you have to use
    wildcard mask, not network mask.

    Something like:

    router ospf 150
    network 172.24.0.1 0.0.0.0 area 0
    network 172.31.4.254 0.0.0.0 area 0

    But, due to my ignorance, that might not be the same on PIX. I would try
    it, anyway.

    --Ivan.
     
    Ivan Ostres, May 21, 2004
    #4
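
An added example (not part of the original posts) that evaluates the `network` statements from this thread against the two PIX interface addresses under both readings of the mask argument raised in post #4: subnet mask and wildcard mask. The bitwise matching rule is an assumption about how a device applies the statement, and the function and variable names are hypothetical.

```python
import ipaddress

# Values taken from the thread: the PIX interface addresses, the "network"
# statements as originally posted, and the form suggested in post #4.
INTERFACES = {"inside": "172.31.4.254", "dmz": "172.24.0.1"}
POSTED = [("172.24.0.0", "255.255.0.0"), ("172.31.4.0", "255.255.255.0")]
SUGGESTED = [("172.24.0.1", "0.0.0.0"), ("172.31.4.254", "0.0.0.0")]


def _u32(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def matches(iface_ip, addr, mask, style):
    """Return True if iface_ip is selected by 'network addr mask'.

    style="wildcard": set bits in mask are "don't care" bits.
    style="netmask":  set bits in mask are the bits that must match.
    (Assumed matching rule; real devices may also validate or normalise
    the statement before applying it.)
    """
    m = _u32(mask)
    care = (~m & 0xFFFFFFFF) if style == "wildcard" else m
    return (_u32(iface_ip) & care) == (_u32(addr) & care)


def enabled_interfaces(statements, style):
    """Names of interfaces selected by at least one statement."""
    return sorted(
        name
        for name, ip in INTERFACES.items()
        if any(matches(ip, a, m, style) for a, m in statements)
    )


if __name__ == "__main__":
    for label, stmts in (("posted", POSTED), ("suggested", SUGGESTED)):
        for style in ("netmask", "wildcard"):
            result = enabled_interfaces(stmts, style)
            print(f"{label:9} read as {style:8}: {result}")
```

Under the wildcard reading the posted statements select neither interface, while the neighbor output in the first post shows a FULL adjacency with 172.31.4.254. The suggested host-style statements select both interfaces under either reading.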