https://live.paloaltonetworks.com/t5/general-topics/ospf-through-vwire/m-p/67886#M39709 <P>I attempted to install a PA5060 between a Cisco ASA and Cisco Nexus switch in vwire mode. the ASA has an OSPF neighbor with the nexus 7k to distribute the defualt route learned via BGP from the ISP.</P> <P>&nbsp;</P> <P>Once the 5060 was installed, the OSPF neigbor came up but the routes were not exchanged. in the logs I see the traffic as allowed and the application as OSPF.&nbsp;</P> <P>&nbsp;</P> <P>Is there any other configuration needed? I see in the following article that multicast traffic is allowed by defualt in vwire.</P> <P><A href="https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Block-Multicast-Traffic-in-a-VWire-Virtual-Wire-Setup/ta-p/55877" target="_blank">https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Block-Multicast-Traffic-in-a-VWire-Virtual-Wire-Setup/ta-p/55877</A></P> <P>&nbsp;</P> <P>The PA-5060 is running 7.0.3</P> <P>&nbsp;</P> <P>All other traffic was working. I could ping across the vwire but the routes were not there.</P> <P>&nbsp;</P> <P>thanks,</P> <P>Nathan&nbsp;</P> Tue, 10 Nov 2015 01:01:48 GMT Nathan.McCart 2015-11-10T01:01:48Z https://live.paloaltonetworks.com/t5/general-topics/ospf-through-vwire/m-p/67886#M39709 <P>I attempted to install a PA5060 between a Cisco ASA and Cisco Nexus switch in vwire mode. the ASA has an OSPF neighbor with the nexus 7k to distribute the defualt route learned via BGP from the ISP.</P> <P>&nbsp;</P> <P>Once the 5060 was installed, the OSPF neigbor came up but the routes were not exchanged. in the logs I see the traffic as allowed and the application as OSPF.&nbsp;</P> <P>&nbsp;</P> <P>Is there any other configuration needed? I see in the following article that multicast traffic is allowed by defualt in vwire.</P> <P><A href="https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Block-Multicast-Traffic-in-a-VWire-Virtual-Wire-Setup/ta-p/55877" target="_blank">https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Block-Multicast-Traffic-in-a-VWire-Virtual-Wire-Setup/ta-p/55877</A></P> <P>&nbsp;</P> <P>The PA-5060 is running 7.0.3</P> <P>&nbsp;</P> <P>All other traffic was working. I could ping across the vwire but the routes were not there.</P> <P>&nbsp;</P> <P>thanks,</P> <P>Nathan&nbsp;</P> Tue, 10 Nov 2015 01:01:48 GMT https://live.paloaltonetworks.com/t5/general-topics/ospf-through-vwire/m-p/67886#M39709 Nathan.McCart 2015-11-10T01:01:48Z https://live.paloaltonetworks.com/t5/general-topics/ospf-through-vwire/m-p/67912#M39722 <P>Hi there...Did you include security rule(s) to allow OSPF traffic in both directions across the vwire? &nbsp;</P> Tue, 10 Nov 2015 19:43:29 GMT https://live.paloaltonetworks.com/t5/general-topics/ospf-through-vwire/m-p/67912#M39722 rmonvon 2015-11-10T19:43:29Z https://live.paloaltonetworks.com/t5/general-topics/ospf-through-vwire/m-p/67917#M39725 <P>yes I have security policies allowing all traffic both ways.&nbsp;</P> Tue, 10 Nov 2015 20:39:26 GMT https://live.paloaltonetworks.com/t5/general-topics/ospf-through-vwire/m-p/67917#M39725 Nathan.McCart 2015-11-10T20:39:26Z https://live.paloaltonetworks.com/t5/general-topics/ospf-through-vwire/m-p/67918#M39726 <P>You can turn on packet capture on the PA device and filter on the OSPF multicast to see what's happening to the packets. &nbsp;Set the pcap to capture at all 4 stages: TX, RX, DROP and FIREWALL. &nbsp;That should provide information to help pinpoint the issue. &nbsp;Thanks.&nbsp;</P> Tue, 10 Nov 2015 20:44:03 GMT https://live.paloaltonetworks.com/t5/general-topics/ospf-through-vwire/m-p/67918#M39726 rmonvon 2015-11-10T20:44:03Z