11-09-2015 05:01 PM
I attempted to install a PA5060 between a Cisco ASA and Cisco Nexus switch in vwire mode. the ASA has an OSPF neighbor with the nexus 7k to distribute the defualt route learned via BGP from the ISP.
Once the 5060 was installed, the OSPF neigbor came up but the routes were not exchanged. in the logs I see the traffic as allowed and the application as OSPF.
Is there any other configuration needed? I see in the following article that multicast traffic is allowed by defualt in vwire.
The PA-5060 is running 7.0.3
All other traffic was working. I could ping across the vwire but the routes were not there.
thanks,
Nathan
11-10-2015 12:39 PM
yes I have security policies allowing all traffic both ways.
11-10-2015 12:44 PM
You can turn on packet capture on the PA device and filter on the OSPF multicast to see what's happening to the packets. Set the pcap to capture at all 4 stages: TX, RX, DROP and FIREWALL. That should provide information to help pinpoint the issue. Thanks.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
